PT-2025-8495 · Linux+3 · Linux Kernel+3

Published

2022-01-01

Updated

2026-05-26

CVE-2022-49562

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the KVM x86 component, where the update of guest PTE A/D bits was not properly handled. The VM PFNMAP path was flawed, assuming that vm pgoff is the base pfn of the mapped VMA range, which is incorrect as vm pgoff is the offset relative to the file. This led to accessing random pfns in most VM PFNMAP cases. The fix involves using the try cmpxchg user() function to update guest PTE A/D bits instead of mapping the PTE into kernel address space.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330CWE-310

Related Identifiers

ALSA-2025_16880

AZL-68690

BDU:2026-03697

CVE-2022-49562

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Debian

Linux Kernel

Red Hat

Suse

PT-2025-8495 · Linux+3 · Linux Kernel+3

CVE-2022-49562

Weakness Enumeration

Related Identifiers

Affected Products

References · 1338