ghsa-88qm-w86g-vvrp
Vulnerability from github
Published
2025-10-21 12:31
Modified
2025-10-21 12:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

dax: make sure inodes are flushed before destroy cache

A bug can be triggered by following command

$ modprobe nd_pmem && modprobe -r nd_pmem

[ 10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown() [ 10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node) [ 10.062433] Call Trace: [ 10.062673] dump_stack_lvl+0x34/0x44 [ 10.062865] slab_err+0x90/0xd0 [ 10.063619] __kmem_cache_shutdown+0x13b/0x2f0 [ 10.063848] kmem_cache_destroy+0x4a/0x110 [ 10.064058] __x64_sys_delete_module+0x265/0x300

This is caused by dax_fs_exit() not flushing inodes before destroy cache. To fix this issue, call rcu_barrier() before destroy cache.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49220"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: make sure inodes are flushed before destroy cache\n\nA bug can be triggered by following command\n\n$ modprobe nd_pmem \u0026\u0026 modprobe -r nd_pmem\n\n[   10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_shutdown()\n[   10.060938] Slab 0x0000000085b729ac objects=9 used=1 fp=0x000000004f5ae469 flags=0x200000000010200(slab|head|node)\n[   10.062433] Call Trace:\n[   10.062673]  dump_stack_lvl+0x34/0x44\n[   10.062865]  slab_err+0x90/0xd0\n[   10.063619]  __kmem_cache_shutdown+0x13b/0x2f0\n[   10.063848]  kmem_cache_destroy+0x4a/0x110\n[   10.064058]  __x64_sys_delete_module+0x265/0x300\n\nThis is caused by dax_fs_exit() not flushing inodes before destroy cache.\nTo fix this issue, call rcu_barrier() before destroy cache.",
  "id": "GHSA-88qm-w86g-vvrp",
  "modified": "2025-10-21T12:31:23Z",
  "published": "2025-10-21T12:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49220"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/770d42fff12d8595adda9025a0b92091f543e775"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a7e8de822e0b1979f08767c751f6c8a9c1d4ad86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b786abe7c67c6ef71410c8e23292b3091d616ad1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2951eaa9398415ac054b7bd80b8163b6838ead4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec376f5c11c88c0215d173599db8449cd4196759"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2a1e0eb70c2d954176c07d75d28742bde30e9f3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.