CVE-2022-49994

MEDIUM

Linux Kernel 5.14-5.14, 5.15.64-5.15.*, 5.16-5.19.6, 5.19.*-6.0 - Use-After-Free in Bootmem Vmemmap Page Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem

The vmemmap pages are marked by kmemleak when allocated from memblock. Remove it from kmemleak when freeing the page. Otherwise, when we reuse the page, kmemleak may report such an error and then stop working.

kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)
kmemleak: Kernel memory leak detector disabled
kmemleak: Object 0xffff98fb6be00000 (size 335544320):
kmemleak:   comm "swapper", pid 0, jiffies 4294892296
kmemleak:   min_count = 0
kmemleak:   count = 0
kmemleak:   flags = 0x1
kmemleak:   checksum = 0
kmemleak:   backtrace:

Scores

CVSS v3 5.5
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (12)
linux/Kernel 5.14.0 - 5.15.64
linux/Kernel 5.16.0 - 5.19.6
Linux/Linux < 5.14
Linux/Linux 5.14
Linux/Linux 5.15.64 - 5.15.*
Linux/Linux 5.19.6 - 5.19.*
Linux/Linux 6.0
Linux/Linux f41f2ed43ca5258d70d53290d1951a21621f95c8 - 16a12ee619e39e8112f61b603255c16b73b6264b
Linux/Linux f41f2ed43ca5258d70d53290d1951a21621f95c8 - 9ae15c4ba2be1e5a62503b6d873e84beb5fcbb5a
Linux/Linux f41f2ed43ca5258d70d53290d1951a21621f95c8 - dd0ff4d12dd284c334f7e9b07f8f335af856ac78
... and 2 more
Published Jun 18, 2025
Tracked Since Feb 18, 2026