CVE-2022-49828 – A memory corruption vulnerability in the Linux ... (How to Fix)

Q: What is the severity of CVE-2022-49828?

CVE-2022-49828 has a CVSS score of 5.5 (MEDIUM). A memory corruption vulnerability in the Linux kernel's HugeTLBFS subsystem where poisoned memory pages were incorrectly removed from the page cache. When exploited, this could cause applications to unknowingly use corrupted memory instead of receiving proper error notifications. This affects Linux systems using HugeTLBFS for large memory pages.

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's HugeTLBFS subsystem where poisoned memory pages were incorrectly removed from the page cache. When exploited, this could cause applications to unknowingly use corrupted memory instead of receiving proper error notifications. This affects Linux systems using HugeTLBFS for large memory pages.

💻 Affected Systems

Products:

Linux Kernel

Versions: Versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using HugeTLBFS (huge pages). Requires memory poisoning conditions to be present.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory corruption leading to application crashes, data corruption, or potential privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Application instability, crashes, or data corruption when accessing poisoned huge pages.

🟢

If Mitigated

Applications receive proper EIO errors or SIGBUS signals when accessing poisoned pages, preventing silent corruption.

🌐 Internet-Facing: LOW - Requires local access and specific memory conditions.

🏢 Internal Only: MEDIUM - Local attackers or system processes could potentially exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access, ability to trigger memory poisoning, and specific conditions with HugeTLBFS usage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 30571f28bb35c826219971c63bcf60d2517112ed, 8625147cafaa9ba74713d682f5185eb62cb2aedb, or ec667443b2dbc6cdbbac4073e51a17733158ec6a

Vendor Advisory: https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable HugeTLBFS

linux

Disable huge page support if not required

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo 0 > /proc/sys/vm/nr_hugepages

🧯 If You Can't Patch

Monitor system logs for memory error messages and application crashes
Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if HugeTLBFS is enabled: cat /proc/meminfo | grep HugePages

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commits or check with distribution-specific security tools

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing memory errors
Application crashes with SIGBUS signals
EIO errors in application logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("HugeTLB" OR "memory failure" OR "SIGBUS")

📊 Metadata

CVE ID: CVE-2022-49828

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (4.2th percentile)

Published: May 1, 2025

Last Updated: November 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49828, you might also want to check these: