CVE-2022-49567 (GCVE-0-2022-49567)
Vulnerability from cvelistv5
Published
2025-02-26 02:23
Modified
2025-12-23 13:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when
pol->mode is MPOL_LOCAL. Check pol->mode before access
pol->w.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c).
BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline]
BUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368
mpol_rebind_policy mm/mempolicy.c:352 [inline]
mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368
cpuset_change_task_nodemask kernel/cgroup/cpuset.c:1711 [inline]
cpuset_attach+0x787/0x15e0 kernel/cgroup/cpuset.c:2278
cgroup_migrate_execute+0x1023/0x1d20 kernel/cgroup/cgroup.c:2515
cgroup_migrate kernel/cgroup/cgroup.c:2771 [inline]
cgroup_attach_task+0x540/0x8b0 kernel/cgroup/cgroup.c:2804
__cgroup1_procs_write+0x5cc/0x7a0 kernel/cgroup/cgroup-v1.c:520
cgroup1_tasks_write+0x94/0xb0 kernel/cgroup/cgroup-v1.c:539
cgroup_file_write+0x4c2/0x9e0 kernel/cgroup/cgroup.c:3852
kernfs_fop_write_iter+0x66a/0x9f0 fs/kernfs/file.c:296
call_write_iter include/linux/fs.h:2162 [inline]
new_sync_write fs/read_write.c:503 [inline]
vfs_write+0x1318/0x2030 fs/read_write.c:590
ksys_write+0x28b/0x510 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0xdb/0x120 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x44/0xae
Uninit was created at:
slab_post_alloc_hook mm/slab.h:524 [inline]
slab_alloc_node mm/slub.c:3251 [inline]
slab_alloc mm/slub.c:3259 [inline]
kmem_cache_alloc+0x902/0x11c0 mm/slub.c:3264
mpol_new mm/mempolicy.c:293 [inline]
do_set_mempolicy+0x421/0xb70 mm/mempolicy.c:853
kernel_set_mempolicy mm/mempolicy.c:1504 [inline]
__do_sys_set_mempolicy mm/mempolicy.c:1510 [inline]
__se_sys_set_mempolicy+0x44c/0xb60 mm/mempolicy.c:1507
__x64_sys_set_mempolicy+0xd8/0x110 mm/mempolicy.c:1507
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x44/0xae
KMSAN: uninit-value in mpol_rebind_task (2)
https://syzkaller.appspot.com/bug?id=d6eb90f952c2a5de9ea718a1b873c55cb13b59dc
This patch seems to fix below bug too.
KMSAN: uninit-value in mpol_rebind_mm (2)
https://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b
The uninit-value is pol->w.cpuset_mems_allowed in mpol_rebind_policy().
When syzkaller reproducer runs to the beginning of mpol_new(),
mpol_new() mm/mempolicy.c
do_mbind() mm/mempolicy.c
kernel_mbind() mm/mempolicy.c
`mode` is 1(MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`
is 0. Then
mode = MPOL_LOCAL;
...
policy->mode = mode;
policy->flags = flags;
will be executed. So in mpol_set_nodemask(),
mpol_set_nodemask() mm/mempolicy.c
do_mbind()
kernel_mbind()
pol->mode is 4 (MPOL_LOCAL), that `nodemask` in `pol` is not initialized,
which will be accessed in mpol_rebind_policy().
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:36:59.497396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:46:37.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/mempolicy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c5429a04ccd8dbcc3c753dab2f4126774ec28d4",
"status": "affected",
"version": "7858d7bca7fbbbbd5b940d2ec371b2d060b21b84",
"versionType": "git"
},
{
"lessThan": "777e563f10e91e91130fe06bee85220d508e7b9b",
"status": "affected",
"version": "7858d7bca7fbbbbd5b940d2ec371b2d060b21b84",
"versionType": "git"
},
{
"lessThan": "018160ad314d75b1409129b2247b614a9f35894c",
"status": "affected",
"version": "7858d7bca7fbbbbd5b940d2ec371b2d060b21b84",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/mempolicy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.58",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.15",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix uninit-value in mpol_rebind_policy()\n\nmpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when\npol-\u003emode is MPOL_LOCAL. Check pol-\u003emode before access\npol-\u003ew.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c).\n\nBUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline]\nBUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368\n mpol_rebind_policy mm/mempolicy.c:352 [inline]\n mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368\n cpuset_change_task_nodemask kernel/cgroup/cpuset.c:1711 [inline]\n cpuset_attach+0x787/0x15e0 kernel/cgroup/cpuset.c:2278\n cgroup_migrate_execute+0x1023/0x1d20 kernel/cgroup/cgroup.c:2515\n cgroup_migrate kernel/cgroup/cgroup.c:2771 [inline]\n cgroup_attach_task+0x540/0x8b0 kernel/cgroup/cgroup.c:2804\n __cgroup1_procs_write+0x5cc/0x7a0 kernel/cgroup/cgroup-v1.c:520\n cgroup1_tasks_write+0x94/0xb0 kernel/cgroup/cgroup-v1.c:539\n cgroup_file_write+0x4c2/0x9e0 kernel/cgroup/cgroup.c:3852\n kernfs_fop_write_iter+0x66a/0x9f0 fs/kernfs/file.c:296\n call_write_iter include/linux/fs.h:2162 [inline]\n new_sync_write fs/read_write.c:503 [inline]\n vfs_write+0x1318/0x2030 fs/read_write.c:590\n ksys_write+0x28b/0x510 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0xdb/0x120 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n slab_alloc mm/slub.c:3259 [inline]\n kmem_cache_alloc+0x902/0x11c0 mm/slub.c:3264\n mpol_new mm/mempolicy.c:293 [inline]\n do_set_mempolicy+0x421/0xb70 mm/mempolicy.c:853\n kernel_set_mempolicy mm/mempolicy.c:1504 [inline]\n __do_sys_set_mempolicy mm/mempolicy.c:1510 [inline]\n __se_sys_set_mempolicy+0x44c/0xb60 mm/mempolicy.c:1507\n __x64_sys_set_mempolicy+0xd8/0x110 mm/mempolicy.c:1507\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nKMSAN: uninit-value in mpol_rebind_task (2)\nhttps://syzkaller.appspot.com/bug?id=d6eb90f952c2a5de9ea718a1b873c55cb13b59dc\n\nThis patch seems to fix below bug too.\nKMSAN: uninit-value in mpol_rebind_mm (2)\nhttps://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b\n\nThe uninit-value is pol-\u003ew.cpuset_mems_allowed in mpol_rebind_policy().\nWhen syzkaller reproducer runs to the beginning of mpol_new(),\n\n\t mpol_new() mm/mempolicy.c\n\t do_mbind() mm/mempolicy.c\n\tkernel_mbind() mm/mempolicy.c\n\n`mode` is 1(MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`\nis 0. Then\n\n\tmode = MPOL_LOCAL;\n\t...\n\tpolicy-\u003emode = mode;\n\tpolicy-\u003eflags = flags;\n\nwill be executed. So in mpol_set_nodemask(),\n\n\t mpol_set_nodemask() mm/mempolicy.c\n\t do_mbind()\n\tkernel_mbind()\n\npol-\u003emode is 4 (MPOL_LOCAL), that `nodemask` in `pol` is not initialized,\nwhich will be accessed in mpol_rebind_policy()."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T13:24:42.648Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c5429a04ccd8dbcc3c753dab2f4126774ec28d4"
},
{
"url": "https://git.kernel.org/stable/c/777e563f10e91e91130fe06bee85220d508e7b9b"
},
{
"url": "https://git.kernel.org/stable/c/018160ad314d75b1409129b2247b614a9f35894c"
}
],
"title": "mm/mempolicy: fix uninit-value in mpol_rebind_policy()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49567",
"datePublished": "2025-02-26T02:23:12.222Z",
"dateReserved": "2025-02-26T02:21:30.410Z",
"dateUpdated": "2025-12-23T13:24:42.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-49567\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T19:36:59.497396Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-908\", \"description\": \"CWE-908 Use of Uninitialized Resource\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T16:50:11.785Z\"}}], \"cna\": {\"title\": \"mm/mempolicy: fix uninit-value in mpol_rebind_policy()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"5735845906fb1d90fe597f8b503fc0a857d475e3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"aaa1c5d635a6fca2043513ffb5be169f9cd17d9e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"13d51565cec1aa432a6ab363edc2bbc53c6f49cb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"a1f8765f68bc9bf5744b365bb9f5e0b6db93edfe\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"ddb3f0b68863bd1c5f43177eea476bce316d4993\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"8c5429a04ccd8dbcc3c753dab2f4126774ec28d4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"777e563f10e91e91130fe06bee85220d508e7b9b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"018160ad314d75b1409129b2247b614a9f35894c\", \"versionType\": \"git\"}], \"programFiles\": [\"mm/mempolicy.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"4.9.325\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.290\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.254\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.208\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.134\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.58\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.18.15\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.18.*\"}, {\"status\": \"unaffected\", \"version\": \"5.19\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"mm/mempolicy.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/5735845906fb1d90fe597f8b503fc0a857d475e3\"}, {\"url\": \"https://git.kernel.org/stable/c/aaa1c5d635a6fca2043513ffb5be169f9cd17d9e\"}, {\"url\": \"https://git.kernel.org/stable/c/13d51565cec1aa432a6ab363edc2bbc53c6f49cb\"}, {\"url\": \"https://git.kernel.org/stable/c/a1f8765f68bc9bf5744b365bb9f5e0b6db93edfe\"}, {\"url\": \"https://git.kernel.org/stable/c/ddb3f0b68863bd1c5f43177eea476bce316d4993\"}, {\"url\": \"https://git.kernel.org/stable/c/8c5429a04ccd8dbcc3c753dab2f4126774ec28d4\"}, {\"url\": \"https://git.kernel.org/stable/c/777e563f10e91e91130fe06bee85220d508e7b9b\"}, {\"url\": \"https://git.kernel.org/stable/c/018160ad314d75b1409129b2247b614a9f35894c\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/mempolicy: fix uninit-value in mpol_rebind_policy()\\n\\nmpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when\\npol-\u003emode is MPOL_LOCAL. Check pol-\u003emode before access\\npol-\u003ew.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c).\\n\\nBUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline]\\nBUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368\\n mpol_rebind_policy mm/mempolicy.c:352 [inline]\\n mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368\\n cpuset_change_task_nodemask kernel/cgroup/cpuset.c:1711 [inline]\\n cpuset_attach+0x787/0x15e0 kernel/cgroup/cpuset.c:2278\\n cgroup_migrate_execute+0x1023/0x1d20 kernel/cgroup/cgroup.c:2515\\n cgroup_migrate kernel/cgroup/cgroup.c:2771 [inline]\\n cgroup_attach_task+0x540/0x8b0 kernel/cgroup/cgroup.c:2804\\n __cgroup1_procs_write+0x5cc/0x7a0 kernel/cgroup/cgroup-v1.c:520\\n cgroup1_tasks_write+0x94/0xb0 kernel/cgroup/cgroup-v1.c:539\\n cgroup_file_write+0x4c2/0x9e0 kernel/cgroup/cgroup.c:3852\\n kernfs_fop_write_iter+0x66a/0x9f0 fs/kernfs/file.c:296\\n call_write_iter include/linux/fs.h:2162 [inline]\\n new_sync_write fs/read_write.c:503 [inline]\\n vfs_write+0x1318/0x2030 fs/read_write.c:590\\n ksys_write+0x28b/0x510 fs/read_write.c:643\\n __do_sys_write fs/read_write.c:655 [inline]\\n __se_sys_write fs/read_write.c:652 [inline]\\n __x64_sys_write+0xdb/0x120 fs/read_write.c:652\\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\\n entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nUninit was created at:\\n slab_post_alloc_hook mm/slab.h:524 [inline]\\n slab_alloc_node mm/slub.c:3251 [inline]\\n slab_alloc mm/slub.c:3259 [inline]\\n kmem_cache_alloc+0x902/0x11c0 mm/slub.c:3264\\n mpol_new mm/mempolicy.c:293 [inline]\\n do_set_mempolicy+0x421/0xb70 mm/mempolicy.c:853\\n kernel_set_mempolicy mm/mempolicy.c:1504 [inline]\\n __do_sys_set_mempolicy mm/mempolicy.c:1510 [inline]\\n __se_sys_set_mempolicy+0x44c/0xb60 mm/mempolicy.c:1507\\n __x64_sys_set_mempolicy+0xd8/0x110 mm/mempolicy.c:1507\\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\\n do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82\\n entry_SYSCALL_64_after_hwframe+0x44/0xae\\n\\nKMSAN: uninit-value in mpol_rebind_task (2)\\nhttps://syzkaller.appspot.com/bug?id=d6eb90f952c2a5de9ea718a1b873c55cb13b59dc\\n\\nThis patch seems to fix below bug too.\\nKMSAN: uninit-value in mpol_rebind_mm (2)\\nhttps://syzkaller.appspot.com/bug?id=f2fecd0d7013f54ec4162f60743a2b28df40926b\\n\\nThe uninit-value is pol-\u003ew.cpuset_mems_allowed in mpol_rebind_policy().\\nWhen syzkaller reproducer runs to the beginning of mpol_new(),\\n\\n\\t mpol_new() mm/mempolicy.c\\n\\t do_mbind() mm/mempolicy.c\\n\\tkernel_mbind() mm/mempolicy.c\\n\\n`mode` is 1(MPOL_PREFERRED), nodes_empty(*nodes) is `true` and `flags`\\nis 0. Then\\n\\n\\tmode = MPOL_LOCAL;\\n\\t...\\n\\tpolicy-\u003emode = mode;\\n\\tpolicy-\u003eflags = flags;\\n\\nwill be executed. So in mpol_set_nodemask(),\\n\\n\\t mpol_set_nodemask() mm/mempolicy.c\\n\\t do_mbind()\\n\\tkernel_mbind()\\n\\npol-\u003emode is 4 (MPOL_LOCAL), that `nodemask` in `pol` is not initialized,\\nwhich will be accessed in mpol_rebind_policy().\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.325\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.290\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.254\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.208\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.134\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.58\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.18.15\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.19\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T08:40:47.929Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-49567\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T19:46:37.965Z\", \"dateReserved\": \"2025-02-26T02:21:30.410Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-26T02:23:12.222Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…