{"id":"CVE-2022-49778","summary":"arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud","details":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64/mm: fix incorrect file_map_count for non-leaf pmd/pud\n\nThe page table check trigger BUG_ON() unexpectedly when collapse hugepage:\n\n ------------[ cut here ]------------\n kernel BUG at mm/page_table_check.c:82!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n Dumping ftrace buffer:\n    (ftrace buffer empty)\n Modules linked in:\n CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750\n Hardware name: linux,dummy-virt (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : page_table_check_clear.isra.0+0x258/0x3f0\n lr : page_table_check_clear.isra.0+0x240/0x3f0\n[...]\n Call trace:\n  page_table_check_clear.isra.0+0x258/0x3f0\n  __page_table_check_pmd_clear+0xbc/0x108\n  pmdp_collapse_flush+0xb0/0x160\n  collapse_huge_page+0xa08/0x1080\n  hpage_collapse_scan_pmd+0xf30/0x1590\n  khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8\n  khugepaged+0x338/0x518\n  kthread+0x278/0x2f8\n  ret_from_fork+0x10/0x20\n[...]\n\nSince pmd_user_accessible_page() doesn't check if a pmd is leaf, it\ndecrease file_map_count for a non-leaf pmd comes from collapse_huge_page().\nand so trigger BUG_ON() unexpectedly.\n\nFix this problem by using pmd_leaf() insteal of pmd_present() in\npmd_user_accessible_page(). Moreover, use pud_leaf() for\npud_user_accessible_page() too.","modified":"2026-04-02T08:27:55.555079Z","published":"2025-05-01T14:09:13.828Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49778.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2d458046df634088611d44fd77f45465e833ef78"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b47348fc0b18a78c96f8474cc90b7525ad1bbfe"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49778.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49778"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"42b2547137f5c974bb1bfd657c869fe96b96d86f"},{"fixed":"2d458046df634088611d44fd77f45465e833ef78"},{"fixed":"5b47348fc0b18a78c96f8474cc90b7525ad1bbfe"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49778.json"}}],"schema_version":"1.7.5"}