
CVE-2022-49152: Vulnerability in Linux Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 01:55:18 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

XArray: Fix xas_create_range() when multi-order entry present

If there is already an entry present that is of order >= XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range() will misinterpret that entry as a node and dereference xa_node->parent, generally leading to a crash that looks something like this:

    general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
    KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
    CPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0
    RIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline]
    RIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725

It's deterministically reproducible once you know what the problem is, but producing it in a live kernel requires khugepaged to hit a race. While the problem has been present since xas_create_range() was introduced, I'm not aware of a way to hit it before the page cache was converted to use multi-index entries.

AI-Powered Analysis

Last updated: 06/30/2025, 03:27:03 UTC

Technical Analysis

CVE-2022-49152 is a vulnerability in the Linux kernel's XArray implementation, specifically in the function xas_create_range(). When the XArray already holds an entry of order greater than or equal to XA_CHUNK_SHIFT, xas_create_range() misinterprets that entry as a node and attempts to dereference xa_node->parent, which leads to a null pointer dereference and a general protection fault. The result is a kernel crash, as shown by the crash log in the description, which involves the khugepaged process. The crash is deterministic once the conditions are met, but triggering it in a live kernel requires khugepaged to hit a race. The flaw has existed since xas_create_range() was introduced, but exploitation is limited to kernels where the page cache uses multi-index entries.

No known exploits are currently in the wild, and no CVSS score has been assigned. The vulnerability affects Linux kernel versions identified by the commit hash 6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3, indicating a specific patch or code state. This vulnerability can cause denial of service (DoS) through kernel crashes, impacting system availability. It does not appear to allow privilege escalation or code execution directly, but it can disrupt critical kernel operations, especially those involving memory management and page caching.

Potential Impact

For European organizations, the impact of CVE-2022-49152 primarily involves potential denial of service conditions on Linux systems running vulnerable kernel versions. Given Linux's widespread use in servers, cloud infrastructure, and embedded devices across Europe, this vulnerability could disrupt critical services if exploited. Systems running workloads that heavily utilize the page cache and memory management subsystems, such as database servers, virtualization hosts, and container platforms, are at higher risk of experiencing crashes. Although no known exploits exist, the deterministic nature of the bug means that sophisticated attackers or automated fuzzing tools could develop exploits, potentially causing service outages. This could affect availability of business-critical applications, leading to operational downtime and financial losses. The vulnerability does not directly compromise confidentiality or integrity but could be leveraged as part of a larger attack chain to cause disruption. European organizations with strict uptime and reliability requirements, such as financial institutions, healthcare providers, and critical infrastructure operators, should prioritize addressing this issue to maintain service continuity.

Mitigation Recommendations

To mitigate CVE-2022-49152, European organizations should:

1) Apply the latest Linux kernel patches that fix the xas_create_range() function to prevent the null pointer dereference. Since the vulnerability is tied to specific kernel code, updating to a patched kernel version is the most effective mitigation.
2) For environments where immediate patching is not feasible, consider disabling or limiting the use of khugepaged or other kernel features that interact with the page cache multi-index entries, as the race condition involving khugepaged is necessary to trigger the crash.
3) Implement robust kernel crash monitoring and alerting to detect and respond quickly to any kernel panics or system reboots potentially caused by this vulnerability.
4) Use kernel live patching solutions where available to apply fixes without downtime, especially in production environments requiring high availability.
5) Conduct thorough testing of kernel updates in staging environments to ensure compatibility and stability before deployment.
6) Maintain strict access controls and monitoring on systems running vulnerable kernels to detect any attempts to exploit this vulnerability.
7) Engage with Linux distribution vendors and security mailing lists to stay informed about patches and advisories related to this vulnerability.
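One way to implement the crash monitoring in item 3, as an added example that is not part of the original advisory: it scans kernel log text for oops blocks whose RIP lines name xas_create_range(), the signature quoted in the description. The sample log is constructed, and the function name, record fields and regular expressions are assumptions of this example.

```python
import re

# Constructed sample log. The first oops reuses the lines quoted in the CVE
# description (dmesg-style timestamps added); the second is an unrelated,
# made-up fault that must not be flagged.
SAMPLE_LOG = """\
[  101.000001] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
[  101.000002] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  101.000003] CPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0
[  101.000004] RIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline]
[  101.000005] RIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725
[  245.500001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] SMP
[  245.500002] CPU: 1 PID: 4711 Comm: example_task Not tainted 5.17.0-example #1
[  245.500003] RIP: 0010:example_driver_fn+0x10/0x80
"""

TARGET = "xas_create_range"
TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                 # dmesg timestamp prefix
OOPS_START = re.compile(r"general protection fault|BUG: ")
CPU_LINE = re.compile(r"PID: (\d+) Comm: (.+?) (?:Not tainted|Tainted: .+?) (\d[\w.+-]*)")
RIP_LINE = re.compile(r"RIP: [0-9a-f]{4}:([\w.]+)")


def find_xas_create_range_crashes(log_text):
    """Return one record per oops whose RIP lines name xas_create_range()."""
    blocks, cur = [], None
    for raw in log_text.splitlines():
        line = TS.sub("", raw)
        if OOPS_START.search(line):                     # a new oops begins here
            cur = {"header": line, "pid": None, "comm": None, "kernel": None, "rips": []}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        if (m := CPU_LINE.search(line)):
            cur["pid"], cur["comm"], cur["kernel"] = int(m[1]), m[2], m[3]
        if (m := RIP_LINE.search(line)):
            cur["rips"].append(m[1])
    hits = [b for b in blocks if TARGET in b["rips"]]
    for b in hits:
        # The description's live trigger runs in khugepaged; other tasks still merit review.
        b["khugepaged"] = b["comm"] == "khugepaged"
    return hits


if __name__ == "__main__":
    for hit in find_xas_create_range_crashes(SAMPLE_LOG):
        print(hit)
```

The kernel release string captured in each record tells the responder which build crashed, so it can be checked against the distribution's fixed versions.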


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.274Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe506d

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 3:27:03 AM

Last updated: 8/12/2025, 4:45:37 AM
