
CVE-2022-49778: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 14:09:13 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud

The page table check triggers BUG_ON() unexpectedly when collapsing a hugepage:

    ------------[ cut here ]------------
    kernel BUG at mm/page_table_check.c:82!
    Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
    Dumping ftrace buffer:
       (ftrace buffer empty)
    Modules linked in:
    CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
    Hardware name: linux,dummy-virt (DT)
    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : page_table_check_clear.isra.0+0x258/0x3f0
    lr : page_table_check_clear.isra.0+0x240/0x3f0
    [...]
    Call trace:
     page_table_check_clear.isra.0+0x258/0x3f0
     __page_table_check_pmd_clear+0xbc/0x108
     pmdp_collapse_flush+0xb0/0x160
     collapse_huge_page+0xa08/0x1080
     hpage_collapse_scan_pmd+0xf30/0x1590
     khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
     khugepaged+0x338/0x518
     kthread+0x278/0x2f8
     ret_from_fork+0x10/0x20
    [...]

Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it decreases file_map_count for a non-leaf pmd that comes from collapse_huge_page(), and so triggers BUG_ON() unexpectedly.

Fix this problem by using pmd_leaf() instead of pmd_present() in pmd_user_accessible_page(). Moreover, use pud_leaf() for pud_user_accessible_page() too.

AI-Powered Analysis

Last updated: 06/30/2025, 01:26:49 UTC

Technical Analysis

CVE-2022-49778 is a vulnerability identified in the Linux kernel specifically affecting the ARM64 architecture's memory management subsystem. The issue arises from an incorrect handling of page table entries during the collapse of huge pages, a memory optimization technique used to improve performance by merging multiple small pages into a larger one. The vulnerability is rooted in the function pmd_user_accessible_page(), which fails to verify whether a Page Middle Directory (PMD) entry is a leaf node before decrementing the file_map_count. This incorrect decrement occurs when the PMD is non-leaf, leading to an unexpected kernel BUG_ON() trigger during huge page collapse operations. The kernel panic manifests as an internal error with an Oops message, indicating a critical failure in the kernel's page table check logic. The root cause is that pmd_user_accessible_page() uses pmd_present() to check the PMD entry, which does not distinguish leaf from non-leaf entries. The fix involves replacing pmd_present() with pmd_leaf() to ensure only leaf PMD entries are processed, and similarly updating pud_user_accessible_page() to use pud_leaf() for Page Upper Directory (PUD) entries. This correction prevents the erroneous decrement of file_map_count and avoids the kernel panic. The vulnerability affects Linux kernel versions prior to the patch and is specific to ARM64 platforms. No known exploits are reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations relying on ARM64-based Linux systems, particularly those utilizing huge page memory optimizations, this vulnerability can cause unexpected kernel panics leading to system crashes and potential denial of service. Such disruptions can affect critical infrastructure, cloud services, and embedded systems running Linux on ARM64 hardware. The impact on confidentiality and integrity is minimal as the vulnerability primarily causes availability issues through system instability. However, frequent crashes can degrade service reliability, impact business operations, and increase maintenance overhead. Organizations running ARM64 Linux kernels in data centers, edge computing, or IoT devices may experience operational interruptions if the vulnerable kernel versions are deployed. Given the kernel panic occurs in the khugepaged kernel thread responsible for managing huge pages, workloads with heavy memory usage or performance tuning relying on huge pages are at higher risk. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential future exploitation if attackers find ways to trigger the bug deliberately.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2022-49778. Specifically, ensure that the ARM64 kernel is patched to use pmd_leaf() and pud_leaf() checks as per the official Linux kernel patches. For systems where immediate patching is not feasible, consider disabling huge page collapsing features temporarily to avoid triggering the bug, though this may impact performance. Monitoring kernel logs for BUG_ON() messages related to page_table_check.c can help detect attempts to trigger the vulnerability. Additionally, implement robust system monitoring and automated reboot mechanisms to minimize downtime caused by kernel panics. For embedded or specialized ARM64 Linux deployments, coordinate with hardware and software vendors to obtain patched kernel releases. Finally, maintain strict change management and testing procedures to validate kernel updates in staging environments before production deployment to avoid regressions.
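The log monitoring recommended above can be done with a small scanner keyed to the oops signature in the description. This is an added example, not code from the kernel project or this advisory; the function name, the timestamps and the unrelated `fs/example.c` BUG in the sample are constructed for illustration.

```python
import re

# Signature strings come from the oops quoted in the CVE description.
PTC_BUG = re.compile(r"kernel BUG at (mm/page_table_check\.c:\d+)!")
BOUNDARY = re.compile(r"kernel BUG at |\[ cut here \]|\[ end trace")
COMM = re.compile(r"\bComm: (\S+)")
COLLAPSE_FRAMES = ("__page_table_check_pmd_clear", "pmdp_collapse_flush",
                   "collapse_huge_page")


def find_page_table_check_bugs(lines):
    """Return one record per page_table_check BUG; flag the khugepaged collapse case."""
    hits, cur = [], None
    for line in lines:
        m = PTC_BUG.search(line)
        if m:
            cur = {"location": m.group(1), "comm": None, "frames": []}
            hits.append(cur)
        elif BOUNDARY.search(line):
            cur = None  # another BUG or the edge of a report: stop attributing
        elif cur is not None:
            c = COMM.search(line)
            if c and cur["comm"] is None:
                cur["comm"] = c.group(1)
            for frame in COLLAPSE_FRAMES:
                if frame not in cur["frames"] and re.search(rf"\b{frame}\+0x", line):
                    cur["frames"].append(frame)
    for h in hits:
        h["matches_advisory"] = (h["comm"] == "khugepaged"
                                 and "collapse_huge_page" in h["frames"])
    return hits

# Constructed sample: lines from the advisory's oops with made-up timestamps,
# followed by an unrelated BUG that must not be reported.
SAMPLE = """\
[  812.104511] ------------[ cut here ]------------
[  812.104630] kernel BUG at mm/page_table_check.c:82!
[  812.105377] CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
[  812.106811] Call trace:
[  812.107240]  __page_table_check_pmd_clear+0xbc/0x108
[  812.107466]  pmdp_collapse_flush+0xb0/0x160
[  812.107689]  collapse_huge_page+0xa08/0x1080
[  901.000100] ------------[ cut here ]------------
[  901.000210] kernel BUG at fs/example.c:10!
[  901.000320] CPU: 1 PID: 400 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
""".splitlines()

if __name__ == "__main__":
    print(find_page_table_check_bugs(SAMPLE))
```

Feed it the lines of a saved kernel log; records with `matches_advisory` set are the khugepaged collapse path shown in the description, while other page_table_check BUGs are still listed for triage.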


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T07:17:33.805Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4b53

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 1:26:49 AM

Last updated: 7/28/2025, 11:59:43 AM
