CVE-2022-49152

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version where the fix for xas create range() is included

Description A issue in the Linux kernel has been identified, related to the XArray function xas create range(). When an entry of order >= XA CHUNK SHIFT is already present, xas create range() misinterprets this entry as a node and attempts to dereference xa node->parent, typically resulting in a crash. This issue is deterministically reproducible and has been present since the introduction of xas create range(), although it may require specific conditions to occur in a live kernel.

Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that fixes xas create range() to resolve the issue. As a temporary workaround, restricting the use of multi-order entries in XArray may help minimize the risk of exploitation. However, the most effective solution is to update to a version of the Linux kernel where this issue has been addressed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.