CVE-2022-50285

Published Sep 15, 2025

Last updated 5 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_huge_pages counters are protected by the hugetlb_lock, but alloc_huge_page has a corner case where it can decrement the counter outside of the lock. This could lead to a corrupted value of h->resv_huge_pages, which we have observed on our systems. Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a potential race.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CF47D28E-796E-4BEE-9395-DFE8AAAAF5A0",
            "versionEndExcluding": "4.4",
            "versionStartIncluding": "4.3.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "016ED7FD-8367-433E-AC2A-749CAB589F89",
            "versionEndExcluding": "4.9.332",
            "versionStartIncluding": "4.4.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7140B9A2-EB63-497C-96B1-68A96CD99051",
            "versionEndExcluding": "4.14.298",
            "versionStartIncluding": "4.10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8AE23A9F-BF98-4055-AA49-02118B96226D",
            "versionEndExcluding": "4.19.264",
            "versionStartIncluding": "4.15",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7FE3F72A-5992-4ABB-A961-F834281060A9",
            "versionEndExcluding": "5.4.223",
            "versionStartIncluding": "4.20",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "62052E35-0E91-4164-BB92-83270CEA0113",
            "versionEndExcluding": "5.10.153",
            "versionStartIncluding": "5.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "918A4953-6F82-40F5-B7A9-9836905139C1",
            "versionEndExcluding": "5.15.76",
            "versionStartIncluding": "5.11",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "98F5FA4A-A33F-4FAD-894E-FDC9D295742A",
            "versionEndExcluding": "6.0.6",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.4:-:*:*:*:*:*:*",
            "matchCriteriaId": "A244C4E3-A56C-4F7D-91FF-441A3A51AE9E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.4:rc5:*:*:*:*:*:*",
            "matchCriteriaId": "48D4FDF4-7ECF-4B68-87F9-58E3D8E6181B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.4:rc6:*:*:*:*:*:*",
            "matchCriteriaId": "5DE43D99-452A-43FD-A459-B33D07B2CA7E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.4:rc7:*:*:*:*:*:*",
            "matchCriteriaId": "FF58DB97-7EA1-4528-AF9D-DAB0D66641DB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:4.4:rc8:*:*:*:*:*:*",
            "matchCriteriaId": "AD811782-D76C-4CC9-9F00-BFE7E258362F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References