CVE-2022-49081: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

highmem: fix checks in __kmap_local_sched_{in,out}

When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done with pte_none. 0 pte however does not necessarily mean that pte_none will return true. e.g. on xtensa it returns false, resulting in the following runtime warnings:

  WARNING: CPU: 0 PID: 101 at mm/highmem.c:627 __kmap_local_sched_out+0x51/0x108
  CPU: 0 PID: 101 Comm: touch Not tainted 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13
  Call Trace:
    dump_stack+0xc/0x40
    __warn+0x8f/0x174
    warn_slowpath_fmt+0x48/0xac
    __kmap_local_sched_out+0x51/0x108
    __schedule+0x71a/0x9c4
    preempt_schedule_irq+0xa0/0xe0
    common_exception_return+0x5c/0x93
    do_wp_page+0x30e/0x330
    handle_mm_fault+0xa70/0xc3c
    do_page_fault+0x1d8/0x3c4
    common_exception+0x7f/0x7f

  WARNING: CPU: 0 PID: 101 at mm/highmem.c:664 __kmap_local_sched_in+0x50/0xe0
  CPU: 0 PID: 101 Comm: touch Tainted: G W 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13
  Call Trace:
    dump_stack+0xc/0x40
    __warn+0x8f/0x174
    warn_slowpath_fmt+0x48/0xac
    __kmap_local_sched_in+0x50/0xe0
    finish_task_switch$isra$0+0x1ce/0x2f8
    __schedule+0x86e/0x9c4
    preempt_schedule_irq+0xa0/0xe0
    common_exception_return+0x5c/0x93
    do_wp_page+0x30e/0x330
    handle_mm_fault+0xa70/0xc3c
    do_page_fault+0x1d8/0x3c4
    common_exception+0x7f/0x7f

Fix it by replacing !pte_none(pteval) with pte_val(pteval) != 0.
AI Analysis
Technical Summary
CVE-2022-49081 is a vulnerability identified in the Linux kernel related to the handling of high memory mappings in the __kmap_local_sched_in and __kmap_local_sched_out functions. Specifically, when the kernel configuration option CONFIG_DEBUG_KMAP_LOCAL is enabled, these functions perform checks on the task's kmap control page table entries (pteval) to ensure that certain slots are unmapped. The slots are initialized with a zero value, but the check incorrectly uses the pte_none() function to verify if the slot is unmapped. However, on some architectures such as Xtensa, a zero pte value does not necessarily satisfy pte_none(), leading to false runtime warnings and potential instability. The root cause is that the check uses !pte_none(pteval) instead of the correct pte_val(pteval) != 0 condition. This discrepancy can cause spurious warnings during task scheduling and page fault handling, as evidenced by the kernel warning messages and call traces provided. Although this vulnerability does not appear to directly allow code execution or privilege escalation, it indicates a logic flaw in kernel memory management that could lead to kernel instability or denial of service under certain conditions. The fix involves correcting the check to properly interpret the pte values, ensuring that the kernel does not misinterpret valid zero-initialized slots as mapped entries. This vulnerability affects Linux kernel versions prior to the patch and is relevant for systems with CONFIG_DEBUG_KMAP_LOCAL enabled, which is typically used for debugging purposes rather than in production environments.
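The mismatch described above, as an added user-space C model (not kernel code and not part of the original advisory). The "none" PTE encodings, the slot count and the sample mappings are constructed assumptions; the model counts how many guard slots each form of the check would flag when the slots are zero-initialized.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the debug guard-slot check; simplified, not kernel code. */
typedef struct { unsigned long pte; } pte_t;
#define pte_val(x) ((x).pte)

/* "No mapping" encodings. Both values are constructed for this model. */
#define NONE_IS_ZERO   0x0UL  /* architecture where a none PTE is all zero */
#define NONE_IS_MARKED 0xcUL  /* stand-in for a non-zero none PTE (the xtensa case) */

#define MODEL_SLOTS 8         /* hypothetical size of the per-task slot array */
struct kmap_ctrl_model { int idx; pte_t pteval[MODEL_SLOTS]; };

static bool model_pte_none(pte_t p, unsigned long none) { return pte_val(p) == none; }

/* Pre-fix check: every even (guard) slot must satisfy pte_none(). */
int guard_hits_old(const struct kmap_ctrl_model *c, unsigned long none_enc)
{
    int hits = 0;
    for (int i = 0; i < c->idx; i += 2)
        if (!model_pte_none(c->pteval[i], none_enc))
            hits++;           /* the debug build warns here */
    return hits;
}

/* Post-fix check: every even slot must still hold its initial raw value 0. */
int guard_hits_fixed(const struct kmap_ctrl_model *c)
{
    int hits = 0;
    for (int i = 0; i < c->idx; i += 2)
        if (pte_val(c->pteval[i]) != 0)
            hits++;
    return hits;
}

/* Constructed sample: all slots start at 0, odd slots 1 and 3 carry mappings. */
struct kmap_ctrl_model sample_ctrl(void)
{
    struct kmap_ctrl_model c = { .idx = 4 };
    c.pteval[1].pte = 0x1000UL | 0x3UL;
    c.pteval[3].pte = 0x2000UL | 0x3UL;
    return c;
}

int main(void)
{
    struct kmap_ctrl_model c = sample_ctrl();
    printf("old/none==0: %d  old/none!=0: %d  fixed: %d\n",
           guard_hits_old(&c, NONE_IS_ZERO), guard_hits_old(&c, NONE_IS_MARKED),
           guard_hits_fixed(&c));
    return 0;
}
```

The fixed check still flags a guard slot that really holds a non-zero entry, so the debug assertion keeps its purpose on every architecture.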
Potential Impact
For European organizations, the impact of CVE-2022-49081 is primarily related to system stability and reliability rather than direct compromise or data breach. Systems running affected Linux kernel versions with CONFIG_DEBUG_KMAP_LOCAL enabled may experience kernel warnings, increased logging noise, and potentially unexpected task scheduling behavior or page fault handling issues. While this configuration is uncommon in production, development, testing, or specialized environments that enable debug options could face disruptions. This could lead to denial of service if kernel panics or crashes occur due to mishandled memory mappings. Organizations relying on Linux-based infrastructure, especially those using custom kernels or embedded systems on architectures like Xtensa, may be more susceptible. The vulnerability does not currently have known exploits in the wild, reducing immediate risk. However, unresolved kernel logic errors can sometimes be leveraged in combination with other vulnerabilities to escalate impact. Therefore, maintaining patched kernels is important to ensure system robustness. The impact on confidentiality and integrity is low, but availability could be moderately affected in debug-enabled environments.
Mitigation Recommendations
1. Apply the official Linux kernel patch that corrects the pte check from !pte_none(pteval) to pte_val(pteval) != 0 as soon as it becomes available and is integrated into your kernel version.
2. Review and disable CONFIG_DEBUG_KMAP_LOCAL in production environments unless explicitly required for debugging, as this reduces exposure to this and similar debug-related issues.
3. For organizations using custom or embedded Linux kernels, ensure that kernel configurations and patches are regularly audited and updated to incorporate security fixes.
4. Monitor kernel logs for unusual warnings related to __kmap_local_sched_in/out functions to detect potential instability early.
5. Conduct thorough testing of kernel updates in staging environments before deployment to production to avoid unexpected regressions.
6. Maintain a robust kernel update policy aligned with vendor or community releases to minimize exposure to known vulnerabilities.
7. For architectures like Xtensa, which exhibit this behavior, prioritize patching and validation due to the differing pte_none() semantics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.247Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe6ad4
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 1:58:19 AM
Last updated: 8/11/2025, 11:20:40 AM