| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.17.2. This issue affects the function mpol_new. Performing a manipulation results in initialization.
This vulnerability was named CVE-2022-49080. There is no available exploit.
It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.17.2. This affects the function mpol_new. The manipulation with an unknown input leads to a initialization vulnerability. CWE is classifying the issue as CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized yet, so mpol_put could not do the right things and might leak the unused mpol_new. This would happen if mempolicy was updated on the shared shmem file while the sp->lock has been dropped during the memory allocation. This issue could be triggered easily with the below code snippet if there are many processes doing the below work at the same time: shmid = shmget((key_t)5566, 1024 * PAGE_SIZE, 0666|IPC_CREAT); shm = shmat(shmid, 0, 0); loop many times { mbind(shm, 1024 * PAGE_SIZE, MPOL_LOCAL, mask, maxnode, 0); mbind(shm + 128 * PAGE_SIZE, 128 * PAGE_SIZE, MPOL_DEFAULT, mask, maxnode, 0); }
It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2022-49080 since 02/26/2025. The exploitability is told to be easy. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 232635 (SUSE SLES15 Security Update : kernel (SUSE-SU-2025:0833-2)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.9.311, 4.14.276, 4.19.238, 5.4.189, 5.10.111, 5.15.34, 5.16.20 or 5.17.3 eliminates this vulnerability. Applying the patch 8510c2346d9e47a72b7f018a36ef0c39483e53d6/5e16dc5378abd749a836daa9ee4ab2c8d2668999/39a32f3c06f6d68a530bf9612afa19f50f12e93d/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894/198932a14aeb19a15cf19e51e151d023bc4cd648/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21/fe39ac59dbbf893b73b24e3184161d0bd06d6651/4ad099559b00ac01c3726e5c95dc3108ef47d03e is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (232635) and EUVD (EUVD-2022-55124). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
- 4.9.310
- 4.14.275
- 4.19.237
- 5.4.188
- 5.10.110
- 5.15.0
- 5.15.1
- 5.15.2
- 5.15.3
- 5.15.4
- 5.15.5
- 5.15.6
- 5.15.7
- 5.15.8
- 5.15.9
- 5.15.10
- 5.15.11
- 5.15.12
- 5.15.13
- 5.15.14
- 5.15.15
- 5.15.16
- 5.15.17
- 5.15.18
- 5.15.19
- 5.15.20
- 5.15.21
- 5.15.22
- 5.15.23
- 5.15.24
- 5.15.25
- 5.15.26
- 5.15.27
- 5.15.28
- 5.15.29
- 5.15.30
- 5.15.31
- 5.15.32
- 5.15.33
- 5.16.0
- 5.16.1
- 5.16.2
- 5.16.3
- 5.16.4
- 5.16.5
- 5.16.6
- 5.16.7
- 5.16.8
- 5.16.9
- 5.16.10
- 5.16.11
- 5.16.12
- 5.16.13
- 5.16.14
- 5.16.15
- 5.16.16
- 5.16.17
- 5.16.18
- 5.16.19
- 5.17.0
- 5.17.1
- 5.17.2
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: InitializationCWE: CWE-665
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 232635
Nessus Name: SUSE SLES15 Security Update : kernel (SUSE-SU-2025:0833-2)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 4.9.311/4.14.276/4.19.238/5.4.189/5.10.111/5.15.34/5.16.20/5.17.3
Patch: 8510c2346d9e47a72b7f018a36ef0c39483e53d6/5e16dc5378abd749a836daa9ee4ab2c8d2668999/39a32f3c06f6d68a530bf9612afa19f50f12e93d/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894/198932a14aeb19a15cf19e51e151d023bc4cd648/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21/fe39ac59dbbf893b73b24e3184161d0bd06d6651/4ad099559b00ac01c3726e5c95dc3108ef47d03e
Timeline
02/26/2025 🔍02/26/2025 🔍
02/26/2025 🔍
09/24/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2022-49080 (🔍)
GCVE (CVE): GCVE-0-2022-49080
GCVE (VulDB): GCVE-100-297543
EUVD: 🔍
Entry
Created: 02/26/2025 12:11Updated: 09/24/2025 03:04
Changes: 02/26/2025 12:11 (57), 03/12/2025 12:27 (2), 09/24/2025 01:49 (11), 09/24/2025 03:04 (1)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.