CVE-2022-49882

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the KVM (Kernel-based Virtual Machine) component. The issue arises when the gfn to pfn cache is inactive, and KVM fails to check the active flag during refresh, leading to potential use-after-free bugs. A race condition between KVM XEN ATTR TYPE SHARED INFO and KVM XEN HVM EVTCHN SEND can be exploited to trigger the bug. This can result in KVM ending up with a valid, inactive cache, causing errors such as consuming a NULL kernel pointer or missing an mmu notifier invalidation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.