PT-2025-8444 · Linux+4 · Linux Kernel+4

Published

2022-03-18

Updated

2025-09-29

CVE-2022-49511

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, related to the fbdev component, specifically in the defio module. The issue arises from a race condition between two processes, one adding a page to the pagelist tail in fb deferred io mkwrite(), and another re-initializing the same page in fb deferred io fault(), without proper lock protection. This can lead to list corruption, as indicated by a warning message and a call trace. The vulnerability is resolved by initializing all page lists during initialization, which not only fixes the list corruption but also avoids redundant INIT LIST HEAD() calls.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-99CWE-665

Related Identifiers

ALSA-2025_16880

BDU:2026-03288

CESA-2023_2951

CVE-2022-49511

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8444 · Linux+4 · Linux Kernel+4

CVE-2022-49511

Weakness Enumeration

Related Identifiers

Affected Products

References · 1304