CVE-2022-49991

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2022-49991 RHSA-2023:2458 RHSA-2025:14744 RHSA-2025:14749 UBUNTU-CVE-2022-49991

Analyzed

Published: 18 Jun 2025, 11:00

Last modified:11 May 2026, 19:10

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.05% LOW

0% probability +0.04%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Jun 2025, 11:00

Published

Vulnerability first disclosed

11 May 2026, 19:10

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mistakenly because they're not vm_shared. This will corrupt the page->mapping used by page cache code.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.05%• Percentile: 16%

Affected Systems

linux•linux
≥ f619147104c8ea71e120e4936d2b68ec11a1e527, < da60ddd80d09f8371fbba1a238a4b318d13ba698 | ≥ f619147104c8ea71e120e4936d2b68ec11a1e527, < 3ada1b3e58db255a14ec73a59d7913e84dc5a8a4 | ≥ f619147104c8ea71e120e4936d2b68ec11a1e527, < ab74ef708dc51df7cf2b8a890b9c6990fac5c0c6 | 5.13
linux•linux_kernel
≥ 5.13, < 5.15.65 | ≥ 5.16, < 5.19.6 | 6.0:rc1 | 6.0:rc2