Login Sign Up

CVE-2022-49077

5.5 MEDIUM
Denial of Service

📋 TL;DR

A Linux kernel vulnerability where mremap() with old_size=0 triggers unnecessary invalidate_range_start/end calls, causing a WARN in KVM's mmu_notifier. This affects Linux systems using KVM virtualization. The issue is triggered by userspace making improper syscalls.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches available for multiple stable branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires KVM virtualization to be enabled and used. Impact limited to systems where mremap() with old_size=0 is called.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel warning/panic leading to system instability or denial of service for virtualized environments.

🟠

Likely Case

Kernel warning messages in logs, potential performance degradation in KVM hosts.

🟢

If Mitigated

Minor log noise with no significant operational impact.

🌐 Internet-Facing: LOW - Requires local access and specific syscall invocation.
🏢 Internal Only: LOW - Requires local user access and specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and ability to trigger specific mremap() syscall conditions. Primarily a stability/DoS issue rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 01e67e04c28170c47700c2c226d732bbfedb1ad0, 04bc13dae4a27b8d030843c85ae452bb2f1d9c1f, 2358aa84ef6dafcf544a557caaa6b91afb4a0bd2, 7d659cb1763ff17d1c6ee082fa6feb4267c7a30b, a04cb99c5d4668fe3f5c0e5b6da1cecd34c3f219

Vendor Advisory: https://git.kernel.org/stable/c/01e67e04c28170c47700c2c226d732bbfedb1ad0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable KVM if not needed

linux

Remove KVM kernel modules to prevent mmu_notifier warnings

modprobe -r kvm_intel kvm_amd kvm
echo 'blacklist kvm' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Monitor kernel logs for WARN messages related to mmu_notifier
  • Restrict user access to prevent unnecessary mremap() syscalls

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions in git commits. Look for WARN messages in dmesg related to mmu_notifier.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include one of the fix commits. Test by attempting to trigger mremap() with old_size=0 and checking logs.

📡 Detection & Monitoring

Log Indicators:

  • Kernel WARN messages containing 'mmu_notifier' or 'invalidate_range'

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND "WARN" AND ("mmu_notifier" OR "invalidate_range")

📊 Metadata

CVE ID: CVE-2022-49077
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-193
EPSS Score: 0.05% exploit probability (16.2th percentile)
Published: February 26, 2025
Last Updated: October 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49077, you might also want to check these:

CVE-2024-10442 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on affected Synology s...

Same vulnerability type (CWE-193)
CVE-2023-46853 9.8

This CVE describes an off-by-one error in Memcached proxy mode when processing requests with newline...

Same vulnerability type (CWE-193)
CVE-2024-38441 9.8

This CVE describes a heap-based buffer overflow vulnerability in Netatalk's AFP service due to an of...

Same vulnerability type (CWE-193)