CVE-2022-49210 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

MIPS: pgalloc: fix memory leak caused by pgd_free()

The pgd page is freed by the generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"); however, there are scenarios in which the system uses more than one page as the pgd table, and in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64-bit system, the macro "PGD_ORDER" will be set as "1", which will cause two pages to be allocated as the pgd table. Well, at the same time, the generic implementation pgd_free() just frees one pgd page, which will result in a memory leak.

The memory leak can be easily detected by executing the shell command: "while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"


Analysis

by VulDB Data Team • 06/12/2025

The vulnerability CVE-2022-49210 represents a critical memory management flaw in the Linux kernel's MIPS architecture implementation, specifically within the page global directory (PGD) allocation and deallocation mechanisms. This issue stems from a mismatch between the generic memory management functions and architecture-specific requirements in MIPS systems. The problem manifests when the kernel attempts to free page global directory structures, which are essential components of the virtual memory management system that map virtual addresses to physical addresses. The vulnerability arises from the transition to a generic pgd_free() implementation that was introduced in commit f9cb654cb550, which fails to account for specific MIPS configurations where multiple pages may be required for PGD tables.

The technical flaw occurs in scenarios where the MIPS kernel operates with 4KB page sizes but does not enable 48-bit virtual addressing (MIPS_VA_BITS_48). Under these conditions, the PGD_ORDER macro is configured to allocate two pages for the PGD table structure instead of the single page that the generic pgd_free() function attempts to free. This discrepancy creates a memory leak where one page of the allocated PGD table remains unreleased, leading to gradual memory consumption over time. The vulnerability specifically impacts 64-bit MIPS systems where the kernel configuration enables PAGE_SIZE_4KB but disables MIPS_VA_BITS_48, creating a scenario where the architecture requires two pages for PGD structures while the generic implementation only frees one page, directly violating memory management principles and causing resource exhaustion.

The operational impact of this vulnerability extends beyond simple memory consumption issues to potentially destabilize systems running on MIPS architecture with the affected configurations. The memory leak accumulates over time, gradually depleting available system memory and potentially leading to system slowdowns, performance degradation, or even system crashes under memory pressure conditions. The vulnerability is particularly concerning in server environments or embedded systems where long-running processes and continuous memory allocation patterns amplify the memory leak effect. The detection methodology provided in the vulnerability description demonstrates the practical impact through a simple shell command that continuously triggers memory allocation and monitoring, making the leak readily observable through memory usage monitoring tools and system diagnostics.

This vulnerability aligns with CWE-401: "Improper Release of Memory Before Removing Last Reference" and represents a classic case of memory management inconsistency between generic kernel implementations and architecture-specific requirements. The issue also relates to ATT&CK technique T1490: "Inhibit System Recovery" through memory exhaustion attacks, where the gradual memory consumption could be leveraged to degrade system performance or availability. Mitigation strategies should focus on implementing architecture-specific pgd_free() functions that properly account for the number of pages allocated for PGD structures based on system configuration parameters. The fix requires careful consideration of the MIPS-specific memory allocation patterns and ensuring that memory deallocation routines match the allocation patterns exactly, preventing any potential for memory leaks in virtual memory management subsystems. System administrators should verify their kernel configurations and apply the appropriate patches that address the specific MIPS architecture requirements for PGD table management.
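The allocation/release mismatch and the order-sized release described in the analysis above, as an added user-space model that is not kernel code and not part of the original advisory. The pool size, the aligned-allocation model and the names `model_alloc_pages`, `pgd_free_one_page`, `pgd_free_ordered` and `run_cycles` are assumptions made for illustration; only `PGD_ORDER` and its value of 1 come from the page.

```c
/* Constructed user-space model of the pgd alloc/free mismatch; not kernel code. */
#include <stdio.h>
#include <string.h>
#define POOL_PAGES 64   /* constructed pool size (assumption) */
#define PGD_ORDER  1    /* per the advisory: 4KB pages, MIPS_VA_BITS_48 off, 64-bit */

static unsigned char in_use[POOL_PAGES];   /* 1 = page allocated */

/* Allocate 2^order contiguous, aligned pages; return first index or -1. */
static int model_alloc_pages(unsigned order)
{
    int n = 1 << order;
    for (int base = 0; base + n <= POOL_PAGES; base += n) {
        int busy = 0;
        for (int i = 0; i < n; i++)
            busy |= in_use[base + i];
        if (!busy) {
            memset(&in_use[base], 1, (size_t)n);
            return base;
        }
    }
    return -1;
}

/* Hypothetical stand-ins: a one-page release vs. a release sized by PGD_ORDER. */
static void pgd_free_one_page(int pgd) { memset(&in_use[pgd], 0, 1); }
static void pgd_free_ordered(int pgd)  { memset(&in_use[pgd], 0, (size_t)1 << PGD_ORDER); }

/* Allocate and release a pgd `cycles` times; return pages still allocated.
 * *completed receives the number of cycles that ran before allocation failed. */
static int run_cycles(int cycles, void (*pgd_free_fn)(int), int *completed)
{
    int used = 0;
    memset(in_use, 0, sizeof in_use);
    for (*completed = 0; *completed < cycles; (*completed)++) {
        int pgd = model_alloc_pages(PGD_ORDER);   /* pgd table allocation */
        if (pgd < 0) break;                       /* pool exhausted by the leak */
        pgd_free_fn(pgd);                         /* pgd table release */
    }
    for (int i = 0; i < POOL_PAGES; i++)
        used += in_use[i];
    return used;
}

int main(void)
{
    int done, left = run_cycles(1000, pgd_free_one_page, &done);
    printf("one-page free:    %d pages left, %d cycles\n", left, done);
    left = run_cycles(1000, pgd_free_ordered, &done);
    printf("order-sized free: %d pages left, %d cycles\n", left, done);
    return 0;
}
```

In the model, the one-page release strands the second page of every pgd, so the pool stops satisfying two-page requests after 32 cycles, while the order-sized release completes all 1000 cycles with nothing left allocated.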

Responsible: Linux
Reservation: 02/26/2025
Disclosure: 02/26/2025
Moderation: accepted
CPE: ready
EPSS: 0.00240
KEV: no
Activities: very low

Sources
