CVE-2022-49994

In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from memblock. Remove it from kmemleak when freeing the page. Otherwise, when we reuse the page, kmemleak may report such an error and then stop working. kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing) kmemleak: Kernel memory leak detector disabled kmemleak: Object 0xffff98fb6be00000 (size 335544320): kmemleak: comm "swapper", pid 0, jiffies 4294892296 kmemleak: min_count = 0 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace:

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b	Patch
https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a	Patch
https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::

History

14 Nov 2025, 18:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b -~~	() https://git.kernel.org/stable/c/16a12ee619e39e8112f61b603255c16b73b6264b - Patch
References	~~() https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a -~~	() https://git.kernel.org/stable/c/9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a - Patch
References	~~() https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78 -~~	() https://git.kernel.org/stable/c/dd0ff4d12dd284c334f7e9b07f8f335af856ac78 - Patch
CWE		CWE-401
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bootmem: eliminar las páginas vmemmap de kmemleak en put_page_bootmem. Las páginas vmemmap están marcadas por kmemleak cuando se asignan desde memblock. Elimínelas de kmemleak al liberar la página. De lo contrario, al reutilizar la página, kmemleak podría informar dicho error y dejar de funcionar. kmemleak: No se puede insertar 0xffff98fb6eab3d40 en el árbol de búsqueda de objetos (se superpone a los existentes) kmemleak: Detector de fugas de memoria del kernel deshabilitado kmemleak: Objeto 0xffff98fb6be00000 (tamaño 335544320): kmemleak: comm "swapper", pid 0, jiffies 4294892296 kmemleak: min_count = 0 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace:
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::
First Time		Linux Linux linux Kernel

18 Jun 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 11:15

Updated : 2025-11-14 18:11

NVD link : CVE-2022-49994

Mitre link : CVE-2022-49994

CVE.ORG link : CVE-2022-49994

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10