GHSA-QX25-M2GM-9QRC

Vulnerability from github – Published: 2025-10-14 21:30 – Updated: 2025-10-14 21:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)

If an mremap() syscall with old_size=0 ends up in move_page_tables(), it will call invalidate_range_start()/invalidate_range_end() unnecessarily, i.e. with an empty range.

This causes a WARN in KVM's mmu_notifier. In the past, empty ranges have been diagnosed to be off-by-one bugs, hence the WARNing. Given the low (so far) number of unique reports, the benefits of detecting more buggy callers seem to outweigh the cost of having to fix cases such as this one, where userspace is doing something silly. In this particular case, an early return from move_page_tables() is enough to fix the issue.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)\n\nIf an mremap() syscall with old_size=0 ends up in move_page_tables(), it\nwill call invalidate_range_start()/invalidate_range_end() unnecessarily,\ni.e.  with an empty range.\n\nThis causes a WARN in KVM\u0027s mmu_notifier.  In the past, empty ranges\nhave been diagnosed to be off-by-one bugs, hence the WARNing.  Given the\nlow (so far) number of unique reports, the benefits of detecting more\nbuggy callers seem to outweigh the cost of having to fix cases such as\nthis one, where userspace is doing something silly.  In this particular\ncase, an early return from move_page_tables() is enough to fix the\nissue.",
  "id": "GHSA-qx25-m2gm-9qrc",
  "modified": "2025-10-14T21:30:25Z",
  "published": "2025-10-14T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49077"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01e67e04c28170c47700c2c226d732bbfedb1ad0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04bc13dae4a27b8d030843c85ae452bb2f1d9c1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2358aa84ef6dafcf544a557caaa6b91afb4a0bd2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7d659cb1763ff17d1c6ee082fa6feb4267c7a30b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a04cb99c5d4668fe3f5c0e5b6da1cecd34c3f219"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a05540f3903bd8295e8c4cd90dd3d416239a115b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c19d8de4e682ec4b0ea2b04a832cd8cc0be3bb31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2c328c2a8f9de8b761bd4025b66c63120c55761"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eeaf28e2a0128147d687237e59d5407ee1b14693"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.