{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49828","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-01T14:05:17.228Z","datePublished":"2025-05-01T14:09:47.443Z","dateUpdated":"2026-05-11T19:07:33.531Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:07:33.531Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlbfs: don't delete error page from pagecache\n\nThis change is very similar to the change that was made for shmem [1], and\nit solves the same problem but for HugeTLBFS instead.\n\nCurrently, when poison is found in a HugeTLB page, the page is removed\nfrom the page cache.  That means that attempting to map or read that\nhugepage in the future will result in a new hugepage being allocated\ninstead of notifying the user that the page was poisoned.  As [1] states,\nthis is effectively memory corruption.\n\nThe fix is to leave the page in the page cache.  If the user attempts to\nuse a poisoned HugeTLB page with a syscall, the syscall will fail with\nEIO, the same error code that shmem uses.  For attempts to map the page,\nthe thread will get a BUS_MCEERR_AR SIGBUS.\n\n[1]: commit a76054266661 (\"mm: shmem: don't truncate page if memory failure happens\")"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hugetlbfs/inode.c","mm/hugetlb.c","mm/memory-failure.c"],"versions":[{"version":"78bb920344b8a6f04b79a7c254041723b931c94f","lessThan":"30571f28bb35c826219971c63bcf60d2517112ed","status":"affected","versionType":"git"},{"version":"78bb920344b8a6f04b79a7c254041723b931c94f","lessThan":"ec667443b2dbc6cdbbac4073e51a17733158ec6a","status":"affected","versionType":"git"},{"version":"78bb920344b8a6f04b79a7c254041723b931c94f","lessThan":"8625147cafaa9ba74713d682f5185eb62cb2aedb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/hugetlbfs/inode.c","mm/hugetlb.c","mm/memory-failure.c"],"versions":[{"version":"4.13","status":"affected"},{"version":"0","lessThan":"4.13","status":"unaffected","versionType":"semver"},{"version":"5.15.80","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.10","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"5.15.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed"},{"url":"https://git.kernel.org/stable/c/ec667443b2dbc6cdbbac4073e51a17733158ec6a"},{"url":"https://git.kernel.org/stable/c/8625147cafaa9ba74713d682f5185eb62cb2aedb"}],"title":"hugetlbfs: don't delete error page from pagecache","x_generator":{"engine":"bippy-1.2.0"}}}}