CVE-2022-48986:A bug in the Linux kernel’s memory-management path for dax mappings could lead to a general protection fault and kernel panic, triggered under certain direct-I/O scenarios. The fix updates gup_pud_range() for dax (aligning with the prior gup_pmd_range() fix) to properly handle devmap-backed huge PUDs even when hugetlb is not configured. The patch has been applied to multiple supported kernel versions, and upgrading to a kernel release containing the fix mitigates the issue.

splash
Back

Description Preview

In the Linux kernel, the gup_pud_range() handling for dax mappings could misbehave because pud_huge() returns true on x86 for dax puds, and dax does not depend on hugetlb. While a prior commit fixed gup_pmd_range() for dax and addressed devmap-backed huge PMDs, it inadvertently missed devmap-backed huge PUDs. This omission could provoke a general protection fault (kernel panic) such as an invalid non-canonical address during direct I/O paths (e.g., get_user_pages_fast, iov_iter_get_pages, and related I/O submission flows). The resolved patch ensures correct paging range handling for dax puds, preventing the described kernel panic and stabilizing direct I/O workloads that rely on dax mappings.

Overview

This advisory describes a Linux kernel memory-management bug in the handling of dax mappings, specifically in the gup_pud_range() function. The issue caused incorrect handling of devmap-backed huge PUDs, which could trigger a kernel panic with non-canonical addresses during direct I/O workflows. A patch were introduced to fix gup_pud_range() for dax (complementing an earlier fix for gup_pmd_range()), ensuring correct behavior regardless of hugetlb configuration. The fix has been included in multiple stable releases and should be addressed by updating to a kernel version that contains the patch.

Remediation

  • Upgrade the kernel to a version that includes the fix for gup_pud_range() for dax (apply the patch referenced by the commits listed in the advisory). Examples of affected-to-unaffected progressions include updating to:
    • 5.4.227 or newer
    • 5.10.159 or newer
    • 5.15.83 or newer
    • 6.0.13 or newer
    • 6.1 or newer (Your distro’s security or kernel update channel should provide an appropriate patched release.)
  • After upgrading, reboot and verify the new kernel is running:
    • Run uname -r to confirm the updated version.
  • Validate affected workloads:
    • If you use dax mappings with I/O paths (e.g., direct I/O, iov_iter paths, io_uring), monitor for stability and absence of the previously observed kernel panic.
  • If upgrading is not feasible in the short term:
    • Consider backporting the patch to your current kernel tree, or applying vendor-provided backported security updates that include this fix.
    • Minimize exposure by validating kernel configurations and workload patterns that could trigger the issue, though upgrading remains the recommended remedy.
  • Test thoroughly in a staging environment before deploying to production, as kernel changes can affect low-level I/O and memory management behavior.

References

  • https://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875
  • https://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f
  • https://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037
  • https://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5
  • https://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
    Manufacturing
  2. Health Care & Social Assistance: Medium
    Health Care & Social Assistance
  3. Public Administration: Medium
    Public Administration
  4. Professional, Scientific, & Technical Services: Medium
    Professional, Scientific, & Technical Services
  5. Finance and Insurance: Low
    Finance and Insurance
  6. Retail Trade: Low
    Retail Trade
  7. Educational Services: Low
    Educational Services
  8. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  9. Transportation & Warehousing: Low
    Transportation & Warehousing
  10. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  11. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  12. Utilities: Low
    Utilities
  13. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  14. Information: Low
    Information
  15. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  16. Accommodation & Food Services: Low
    Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  18. Construction: Low
    Construction
  19. Mining: Low
    Mining
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background