CVE-2022-49991 in Linux
Summary
by MITRE • 06/18/2025
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mistakenly because they're not vm_shared. This will corrupt the page->mapping used by page cache code.
Analysis
by VulDB Data Team • 11/30/2025
The vulnerability described in CVE-2022-49991 resides within the Linux kernel's memory management subsystem, specifically in the huge page (transparent huge page, THP) implementation. This flaw affects the hugetlb_mcopy_atomic_pte function, which handles memory copy operations for huge pages. The issue manifests when processing MCOPY_ATOMIC_CONTINUE cases involving non-shared virtual memory areas, creating a critical inconsistency in how page cache references are managed. The vulnerability is a classic case of improper memory management: the kernel code incorrectly assumes certain conditions about page ownership and sharing characteristics, leading to corruption of a fundamental data structure.
The technical root cause is a logical error in the kernel's page mapping management: the hugepage_add_new_anon_rmap function is invoked for pages that are not actually anonymous. This function is designed to handle anonymous page mapping operations but is being called inappropriately for pages that should remain under the control of the page cache subsystem. When this happens, the page->mapping field, which serves as a critical reference point for page cache operations and memory management decisions, becomes corrupted. The corruption occurs because the kernel code fails to properly distinguish between shared and non-shared virtual memory areas during atomic memory copy operations, leading to improper page reference counting and mapping state management.
The operational impact of this vulnerability is severe as it compromises the integrity of the kernel's memory management subsystem. When page->mapping becomes corrupted, subsequent page cache operations may fail, leading to memory corruption, system instability, or potential privilege escalation opportunities. The vulnerability affects systems that utilize transparent huge pages and atomic memory copy operations, which are common in high-performance computing environments and server workloads. Attackers could potentially exploit this to cause system crashes, data corruption, or gain elevated privileges by manipulating memory mapping structures. This type of vulnerability falls under CWE-121, which addresses buffer overflow conditions, and specifically relates to improper handling of memory mapping structures.
Mitigation strategies for CVE-2022-49991 involve applying the official kernel patches that correct the logic flow in the hugetlb_mcopy_atomic_pte function. The fix ensures that hugepage_add_new_anon_rmap is only called for pages that actually require anonymous mapping operations, properly distinguishing between shared and non-shared virtual memory areas. System administrators should prioritize applying these patches to all affected kernel versions, particularly in production environments where transparent huge pages are actively used. Monitoring for memory-related system crashes or unexpected behavior in applications that rely heavily on huge page support is recommended. Additionally, organizations should consider implementing kernel hardening measures such as kernel page table isolation and other memory protection mechanisms that can help contain the impact of similar memory corruption vulnerabilities. The ATT&CK framework would categorize this as a memory corruption technique under the system binary modification tactic, potentially enabling privilege escalation and system stability compromise.
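The following userspace C program is an added illustration of the predicate bug and its fix as described above; it is not kernel code and not part of this advisory. It models only the page->mapping field: in the real kernel a page cache page's mapping points at an address_space, while adding an anonymous rmap overwrites it with the anon_vma pointer tagged by PAGE_MAPPING_ANON. The structure contents, the function names prefixed with model_, and the rmap_buggy/rmap_fixed helpers are constructed stand-ins; the fix is modelled as deciding the rmap type from whether the page came from the page cache (which is always the case for MCOPY_ATOMIC_CONTINUE) rather than from the VMA being shared.

```c
/*
 * Simplified userspace model of the rmap decision in hugetlb_mcopy_atomic_pte.
 * Added illustration, not kernel code: only page->mapping is modelled and the
 * struct contents are invented stand-ins.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_MAPPING_ANON 0x1UL  /* low bit tagging page->mapping as an anon_vma (as in the kernel) */

struct address_space { const char *name; };  /* stand-in for the page cache owner (e.g. a hugetlbfs inode) */
struct anon_vma      { const char *name; };  /* stand-in for an anonymous mapping owner */

struct page {
    void *mapping;   /* address_space* for page cache pages, anon_vma|PAGE_MAPPING_ANON for anon pages */
    int   mapcount;
};

/* Model of page_dup_file_rmap(): a page cache page gains a mapping, page->mapping is untouched. */
static void model_page_dup_file_rmap(struct page *page)
{
    page->mapcount++;
}

/* Model of hugepage_add_new_anon_rmap(): the page is treated as anonymous, so page->mapping is overwritten. */
static void model_hugepage_add_new_anon_rmap(struct page *page, struct anon_vma *av)
{
    page->mapping = (void *)((uintptr_t)av | PAGE_MAPPING_ANON);
    page->mapcount++;
}

/* Pre-fix predicate: chooses the rmap type from vm_shared alone (the bug). */
static void rmap_buggy(struct page *page, bool vm_shared, bool is_continue, struct anon_vma *av)
{
    (void)is_continue;  /* ignored: CONTINUE pages come from the page cache even when the VMA is not shared */
    if (vm_shared)
        model_page_dup_file_rmap(page);
    else
        model_hugepage_add_new_anon_rmap(page, av);
}

/* Post-fix predicate: chooses the rmap type from where the page actually came from. */
static void rmap_fixed(struct page *page, bool vm_shared, bool is_continue, struct anon_vma *av)
{
    bool page_in_pagecache = vm_shared || is_continue;  /* constructed predicate, see lead-in */
    if (page_in_pagecache)
        model_page_dup_file_rmap(page);
    else
        model_hugepage_add_new_anon_rmap(page, av);
}

/* What page cache code relies on afterwards: does page->mapping still name our address_space? */
static bool pagecache_mapping_intact(const struct page *page, const struct address_space *as)
{
    return page->mapping == (const void *)as;
}

/*
 * The advisory's scenario: MCOPY_ATOMIC_CONTINUE on a non-shared VMA with a page that is
 * already in the page cache. Returns true when page->mapping survives the rmap step.
 */
static bool continue_private_scenario(bool use_fix)
{
    struct address_space as = { "hugetlbfs inode" };
    struct anon_vma av = { "dst_vma anon_vma" };
    struct page page = { .mapping = &as, .mapcount = 0 };  /* constructed page cache page */

    if (use_fix)
        rmap_fixed(&page, /*vm_shared=*/false, /*is_continue=*/true, &av);
    else
        rmap_buggy(&page, /*vm_shared=*/false, /*is_continue=*/true, &av);

    return pagecache_mapping_intact(&page, &as);
}

/* Regression check: a freshly allocated private page (no CONTINUE) must still become anonymous. */
static bool fresh_private_page_becomes_anon(void)
{
    struct anon_vma av = { "dst_vma anon_vma" };
    struct page page = { .mapping = NULL, .mapcount = 0 };  /* constructed fresh page, not in any cache */

    rmap_fixed(&page, /*vm_shared=*/false, /*is_continue=*/false, &av);
    return ((uintptr_t)page.mapping & PAGE_MAPPING_ANON) != 0 && page.mapcount == 1;
}

int main(void)
{
    printf("buggy predicate keeps page->mapping intact: %s\n", continue_private_scenario(false) ? "yes" : "no");
    printf("fixed predicate keeps page->mapping intact: %s\n", continue_private_scenario(true) ? "yes" : "no");
    printf("fixed predicate still anonymises fresh private pages: %s\n", fresh_private_page_becomes_anon() ? "yes" : "no");
    return 0;
}
```

The point the model makes is that vm_shared was the wrong question: the condition that determines the correct rmap call is whether the page is owned by the page cache, and in the CONTINUE path it always is, shared VMA or not. Running the buggy predicate leaves page->mapping pointing at a tagged anon_vma, so any later page cache lookup that dereferences it as an address_space is working on corrupted state; the fixed predicate leaves it untouched while still handling the ordinary private-page case.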