{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49220","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.292Z","datePublished":"2025-02-26T01:55:52.821Z","dateUpdated":"2025-05-04T08:32:44.211Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:32:44.211Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndax: make sure inodes are flushed before destroy cache\n\nA bug can be triggered by following command\n\n$ modprobe nd_pmem && modprobe -r nd_pmem\n\n[   10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown()\n[   10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node)\n[   10.062433] Call Trace:\n[   10.062673]  dump_stack_lvl+0x34/0x44\n[   10.062865]  slab_err+0x90/0xd0\n[   10.063619]  __kmem_cache_shutdown+0x13b/0x2f0\n[   10.063848]  kmem_cache_destroy+0x4a/0x110\n[   10.064058]  __x64_sys_delete_module+0x265/0x300\n\nThis is caused by dax_fs_exit() not flushing inodes before destroy cache.\nTo fix this issue, call rcu_barrier() before destroy cache."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/dax/super.c"],"versions":[{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"770d42fff12d8595adda9025a0b92091f543e775","status":"affected","versionType":"git"},{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"ec376f5c11c88c0215d173599db8449cd4196759","status":"affected","versionType":"git"},{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"e2951eaa9398415ac054b7bd80b8163b6838ead4","status":"affected","versionType":"git"},{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"f2a1e0eb70c2d954176c07d75d28742bde30e9f3","status":"affected","versionType":"git"},{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"b786abe7c67c6ef71410c8e23292b3091d616ad1","status":"affected","versionType":"git"},{"version":"7b6be8444e0f0dd675b54d059793423d3c9b4c03","lessThan":"a7e8de822e0b1979f08767c751f6c8a9c1d4ad86","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/dax/super.c"],"versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","status":"unaffected","versionType":"semver"},{"version":"5.4.189","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.110","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.33","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.19","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.2","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.4.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.10.110"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.15.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.17.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/770d42fff12d8595adda9025a0b92091f543e775"},{"url":"https://git.kernel.org/stable/c/ec376f5c11c88c0215d173599db8449cd4196759"},{"url":"https://git.kernel.org/stable/c/e2951eaa9398415ac054b7bd80b8163b6838ead4"},{"url":"https://git.kernel.org/stable/c/f2a1e0eb70c2d954176c07d75d28742bde30e9f3"},{"url":"https://git.kernel.org/stable/c/b786abe7c67c6ef71410c8e23292b3091d616ad1"},{"url":"https://git.kernel.org/stable/c/a7e8de822e0b1979f08767c751f6c8a9c1d4ad86"}],"title":"dax: make sure inodes are flushed before destroy cache","x_generator":{"engine":"bippy-1.2.0"}}}}