CVE-2022-49210

MIPS: pgalloc: fix memory leak caused by pgd_free()

Description

In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free() pgd page is freed by generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"), however, there are scenarios that the system uses more than one page as the pgd table, in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64bit system, the macro "PGD_ORDER" will be set as "1", which will cause allocating two pages as the pgd table. Well, at the same time, the generic implementation pgd_free() just free one pgd page, which will result in the memory leak. The memory leak can be easily detected by executing shell command: "while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0 patch
https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4 patch
https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed patch
https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1 patch
https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97 patch

Frequently Asked Questions

What is the severity of CVE-2022-49210?
CVE-2022-49210 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49210?
To fix CVE-2022-49210, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49210 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49210 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49210?
CVE-2022-49210 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.