vulnerability
Ubuntu: (CVE-2022-49699): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:N/A:C) | Feb 26, 2025 | Jun 26, 2025 | Mar 27, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved:
filemap: Handle sibling entries in filemap_get_read_batch()
If a read races with an invalidation followed by another read, it is
possible for a folio to be replaced with a higher-order folio. If that
happens, we'll see a sibling entry for the new folio in the next iteration
of the loop. This manifests as a NULL pointer dereference while holding
the RCU read lock.
Handle this by simply returning. The next call will find the new folio
and handle it correctly. The other ways of handling this rare race are
more complex and it's just not worth it.
Solution
References
- CVE-2022-49699
- https://attackerkb.com/topics/CVE-2022-49699
- CWE-476
- EUVD-EUVD-2022-54536
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-54536
- https://git.kernel.org/linus/cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82
- https://git.kernel.org/stable/c/a66f131d30e53000f08301776bf85c912ef47aad
- https://git.kernel.org/stable/c/cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82
- https://www.cve.org/CVERecord?id=CVE-2022-49699
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.