U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2022-49554 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been locked can concurrently migrate off the zspage page list while lock_zspage() churns away, lock_zspage() can suffer from a few different lethal races. It can lock a page which no longer belongs to the zspage and unsafely dereference page_private(), it can unsafely dereference a torn pointer to the next page (since there's a data race), and it can observe a spurious NULL pointer to the next page and thus not lock all of the zspage's pages (since a single page migration will reconstruct the entire page list, and create_page_chain() unconditionally zeroes out each list pointer in the process). Fix the races by using migrate_read_lock() in lock_zspage() to synchronize with page migration.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/2505a981114dcb715f8977b8433f7540854851d8 kernel.org Patch 
https://git.kernel.org/stable/c/3674d8a8dadd03a447dd21069d4dacfc3399b63b kernel.org Patch 
https://git.kernel.org/stable/c/3ec459c8810e658401be428d3168eacfc380bdd0 kernel.org Patch 
https://git.kernel.org/stable/c/645996efc2ae391246d595832aaa6f9d3cc338c7 kernel.org Patch 
https://git.kernel.org/stable/c/8ba7b7c1dad1f6503c541778f31b33f7f62eb966 kernel.org Patch 
https://git.kernel.org/stable/c/c5402fb5f71f1a725f1e55d9c6799c0c7bec308f kernel.org Patch 
https://git.kernel.org/stable/c/fae05b2314b147a78fbed1dc4c645d9a66313758 kernel.org Patch 
https://git.kernel.org/stable/c/fc658c083904427abbf8f18280d517ee2668677c kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-49554
NVD Published Date:
02/26/2025
NVD Last Modified:
10/22/2025
Source:
kernel.org