2348099 – (CVE-2022-49699) CVE-2022-49699 kernel: filemap: Handle sibling entries in filemap_get_read_batch()

Bug 2348099 (CVE-2022-49699) - CVE-2022-49699 kernel: filemap: Handle sibling entries in filemap_get_read_batch()

Summary: CVE-2022-49699 kernel: filemap: Handle sibling entries in filemap_get_read_ba...

Keywords:
Status:	NEW
Alias:	CVE-2022-49699
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-26 03:17 UTC by OSIDB Bzimport
Modified:	2025-02-27 08:59 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:17:35 UTC

In the Linux kernel, the following vulnerability has been resolved:

filemap: Handle sibling entries in filemap_get_read_batch()

If a read races with an invalidation followed by another read, it is
possible for a folio to be replaced with a higher-order folio.  If that
happens, we'll see a sibling entry for the new folio in the next iteration
of the loop.  This manifests as a NULL pointer dereference while holding
the RCU read lock.

Handle this by simply returning.  The next call will find the new folio
and handle it correctly.  The other ways of handling this rare race are
more complex and it's just not worth it.

Comment 1 Avinash Hanwate 2025-02-26 19:04:17 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022628-CVE-2022-49699-d60e@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.