Linux Kernel up to 6.0.7 KVM kvm_gfn_to_pfn_cache_init initialization

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 6.0.7. It has been rated as problematic. Affected is the function kvm_gfn_to_pfn_cache_init of the component KVM. This manipulation causes initialization.
This vulnerability appears as CVE-2022-49884. There is no available exploit.
Upgrading the affected component is advised.
Details
A vulnerability was found in Linux Kernel up to 6.0.7. It has been declared as problematic. Affected by this vulnerability is the function kvm_gfn_to_pfn_cache_init of the component KVM. The manipulation with an unknown input leads to a initialization vulnerability. The CWE definition for the vulnerability is CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvm_gfn_to_pfn_cache_init()'s ability to re-initialize the cache's locks. For example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and kvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock. (thread 1) | (thread 2) | kvm_xen_set_evtchn_fast | read_lock_irqsave(&gpc->lock, ...) | | kvm_gfn_to_pfn_cache_init | rwlock_init(&gpc->lock) read_unlock_irqrestore(&gpc->lock, ...) | Rename "cache_init" and "cache_destroy" to activate+deactivate to avoid implying that the cache really is destroyed/freed. Note, there more races in the newly named kvm_gpc_activate() that will be addressed separately. [sean: call out that this is a bug fix]
It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2022-49884 since 05/01/2025. The exploitation appears to be difficult. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 6.0.8 eliminates this vulnerability. Applying the patch 61242001d6c9c253df7645dab090842d8da08764/52491a38b2c2411f3f0229dc6ad610349c704a41 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.6VulDB Meta Temp Score: 4.6
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: InitializationCWE: CWE-665
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.0.8
Patch: 61242001d6c9c253df7645dab090842d8da08764/52491a38b2c2411f3f0229dc6ad610349c704a41
Timeline
05/01/2025 🔍05/01/2025 🔍
05/01/2025 🔍
11/11/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2022-49884 (🔍)
GCVE (CVE): GCVE-0-2022-49884
GCVE (VulDB): GCVE-100-306943
Entry
Created: 05/01/2025 17:27Updated: 11/11/2025 00:04
Changes: 05/01/2025 17:27 (58), 11/11/2025 00:04 (11)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.