Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP path is broken as it assumes that vm_pgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vm_pgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the original use case (backing guest memory with /dev/mem), but leads to accessing "random" pfns for pretty much any other VM_PFNMAP case.

INFO

Published Date :

2025-02-26T02:14:06.515Z

Last Modified :

2025-05-04T08:40:41.692Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49562 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49562.

URL Resource
https://git.kernel.org/stable/c/38b888911e8dc89b89d8147cfb1d2dbe6373bf78 cve-icon cve-icon
https://git.kernel.org/stable/c/8089e5e1d18402fb8152d6b6815450a36fffa9b0 cve-icon cve-icon
https://git.kernel.org/stable/c/f122dfe4476890d60b8c679128cd2259ec96a24c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022618-CVE-2022-49562-1d2c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49562 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49562 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact