
CVE-2022-48800: Vulnerability in Linux Linux

High
Published: Tue Jul 16 2024 (07/16/2024, 11:43:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: vmscan: remove deadlock due to throttling failing to make progress

A soft lockup bug in kcompactd was reported in a private bugzilla with the following visible in dmesg;

    watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479]
    watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479]
    watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479]
    watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479]

The machine had 256G of RAM with no swap and an earlier failed allocation indicated that node 0 where kcompactd was run was potentially unreclaimable;

    Node 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB inactive_file:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 23480320kB writeback_tmp:0kB kernel_stack:2272kB pagetables:24500kB all_unreclaimable? yes

Vlastimil Babka investigated a crash dump and found that a task migrating pages was trying to drain PCP lists;

    PID: 52922 TASK: ffff969f820e5000 CPU: 19 COMMAND: "kworker/u128:3"
    Call Trace:
      __schedule
      schedule
      schedule_timeout
      wait_for_completion
      __flush_work
      __drain_all_pages
      __alloc_pages_slowpath.constprop.114
      __alloc_pages
      alloc_migration_target
      migrate_pages
      migrate_to_node
      do_migrate_pages
      cpuset_migrate_mm_workfn
      process_one_work
      worker_thread
      kthread
      ret_from_fork

This failure is specific to CONFIG_PREEMPT=n builds. The root of the problem is that kcompact0 is not rescheduling on a CPU while a task that has isolated a large number of the pages from the LRU is waiting on kcompact0 to reschedule so the pages can be released. While shrink_inactive_list() only loops once around too_many_isolated, reclaim can continue without rescheduling if sc->skipped_deactivate == 1 which could happen if there was no file LRU and the inactive anon list was not low.

AI-Powered Analysis

Last updated: 06/30/2025, 21:42:45 UTC

Technical Analysis

CVE-2022-48800 is a vulnerability in the Linux kernel's memory management subsystem, specifically related to the virtual memory scanning (vmscan) and page compaction mechanisms. The issue arises from a deadlock condition caused by the failure of throttling to make progress during memory reclaim operations. The vulnerability manifests as a soft lockup in the kernel thread kcompactd, which is responsible for memory compaction to reduce fragmentation. This soft lockup is observed as the CPU being stuck for extended periods (e.g., 26 to over 100 seconds), leading to system unresponsiveness or degraded performance. The root cause is tied to the interaction between page migration tasks and the kernel's page reclaim logic, particularly when the system has large amounts of anonymous memory with no swap space configured. The problem is specific to kernel builds with CONFIG_PREEMPT=n, meaning non-preemptible kernels, where the kcompactd thread does not reschedule properly while waiting for other tasks to release isolated pages from the Least Recently Used (LRU) lists. This results in a circular dependency where kcompactd waits for page release, but the releasing task waits for kcompactd to reschedule, causing a deadlock. The vulnerability was identified through analysis of kernel crash dumps and detailed tracing of kernel worker threads involved in page migration and reclaim. The issue affects Linux kernel versions identified by the commit hash d818fca1cac31b1fc9301bda83e195a46fb4ebaa and was publicly disclosed on July 16, 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability can lead to significant system stability issues on Linux servers, especially those running non-preemptible kernels with large memory footprints and no swap configured. The soft lockup can cause critical services to hang or become unresponsive, impacting availability of applications and services. This is particularly relevant for data centers, cloud providers, and enterprises relying on Linux for high-memory workloads such as databases, virtualization hosts, and big data processing. The deadlock can degrade performance and potentially cause denial of service conditions, affecting business continuity. Since the vulnerability does not appear to allow privilege escalation or direct code execution, the confidentiality and integrity impacts are limited. However, the availability impact is high, especially in environments where uptime and responsiveness are critical. European organizations with strict SLAs or regulatory requirements for service availability could face operational and compliance risks if affected systems experience downtime due to this issue.

Mitigation Recommendations

1. Upgrade to a Linux kernel version where this vulnerability is patched. Monitor official Linux kernel repositories and vendor advisories for updates addressing CVE-2022-48800.
2. If upgrading immediately is not feasible, consider enabling CONFIG_PREEMPT (preemptible kernel) if possible, as the issue is specific to non-preemptible kernels. This may require recompiling the kernel with preemption enabled.
3. Configure swap space appropriately to reduce the likelihood of unreclaimable memory conditions that exacerbate this issue.
4. Monitor system logs for watchdog soft lockup messages related to kcompactd and CPU stalls to detect early signs of this vulnerability manifesting.
5. For critical systems, implement workload memory management strategies to avoid large anonymous memory allocations without swap, such as tuning application memory usage or cgroup limits.
6. Engage with Linux distribution vendors for backported patches and security updates tailored to enterprise kernels.
7. Test kernel updates in staging environments to ensure compatibility and stability before production deployment.
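
A host triage covering recommendations 2 to 4, as an added example (not code from the kernel project or from this page). It assumes the dmesg line formats quoted in the description; the function names and sample inputs are constructed for illustration, and the preemption check reads only the build-time config text.

```python
import re
from collections import defaultdict

# Line formats follow the dmesg excerpts quoted in the description above.
LOCKUP = re.compile(r"soft lockup - CPU#(\d+) stuck for (\d+)s! \[([^\]]+):(\d+)\]")
UNRECLAIMABLE = re.compile(r"Node (\d+) .*all_unreclaimable\? yes")

def preemptible(kconfig_text):
    """True if the build config text (e.g. /boot/config-*) sets CONFIG_PREEMPT=y."""
    return any(l.strip() == "CONFIG_PREEMPT=y" for l in kconfig_text.splitlines())

def swap_total_kb(proc_swaps_text):
    """Sum the Size column of /proc/swaps (the first line is the header)."""
    rows = [l.split() for l in proc_swaps_text.splitlines()[1:] if l.strip()]
    return sum(int(r[2]) for r in rows)

def triage(dmesg_lines, kconfig_text, proc_swaps_text):
    """Summarise how closely a host matches the conditions in the description."""
    stalls, nodes = defaultdict(list), set()
    for line in dmesg_lines:
        m = LOCKUP.search(line)
        if m and m.group(3).startswith("kcompactd"):
            stalls[(m.group(3), int(m.group(1)))].append(int(m.group(2)))
        m = UNRECLAIMABLE.search(line)
        if m:
            nodes.add(int(m.group(1)))
    # Repeated reports for one thread with a growing stuck time: it never
    # rescheduled between watchdog checks (a single report can be transient).
    persistent = sorted(k for k, s in stalls.items()
                        if len(s) >= 2 and all(b > a for a, b in zip(s, s[1:])))
    return {
        "persistent_kcompactd_lockups": persistent,
        "unreclaimable_nodes": sorted(nodes),
        "non_preemptible_build": not preemptible(kconfig_text),
        "no_swap": swap_total_kb(proc_swaps_text) == 0,
    }

# Constructed sample input (timestamps invented; messages as quoted on this page).
SAMPLE_DMESG = [
    "[ 8001.0] Node 0 active_anon:29355112kB inactive_file:0kB all_unreclaimable? yes",
    "[ 8123.4] watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479]",
    "[ 8149.4] watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479]",
    "[ 8150.0] watchdog: BUG: soft lockup - CPU#7 stuck for 23s! [kworker/u128:3:52922]",
]
SAMPLE_KCONFIG = "# CONFIG_PREEMPT is not set\nCONFIG_PREEMPT_NONE=y\n"
SAMPLE_SWAPS = "Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n"

if __name__ == "__main__":
    print(triage(SAMPLE_DMESG, SAMPLE_KCONFIG, SAMPLE_SWAPS))
```

A host that reports all four conditions matches the scenario in the description and is the first candidate for the patched kernel.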


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-16T11:38:08.895Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe61e8

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 9:42:45 PM

Last updated: 8/18/2025, 4:53:32 PM
