PT-2024-11851 · Linux+4 · Linux Kernel+4

John Starks

Published

2022-12-09

Updated

2026-02-12

CVE-2022-48986

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the gup pud range() function for dax. The issue occurs when pud huge() returns true on x86, but dax does not depend on hugetlb. This fix addresses a kernel panic caused by a general protection fault, probably for a non-canonical address. The call trace includes functions such as get user pages fast(), iov iter get pages(), and bio iov iter get pages().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-1066

BDU:2025-01680

CVE-2022-48986

OESA-2024-2324

USN-7988-1

USN-7988-2

USN-7988-3

USN-7988-4

USN-7988-5

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Red Os

Ubuntu

PT-2024-11851 · Linux+4 · Linux Kernel+4

CVE-2022-48986

Weakness Enumeration

Related Identifiers

Affected Products

References · 119