List Corruption Vulnerability in Linux Kernel Affecting fbdev Component
CVE-2022-49511

Currently unrated

Key Information:

Vendor: WordPress
Status: Linux
Vendor: CVE Published:; 26 February 2025

Summary

A vulnerability in the Linux kernel's fbdev component allows for list corruption due to race conditions during deferred I/O operations. When one process adds a page to the pagelist's tail while another re-initializes the same page's list without appropriate locking mechanisms, data corruption can occur. This issue originates from improper initialization of page lists, which has been remedied by ensuring all page lists are initialized during the setup phase. The fix not only resolves the corruption issue but also streamlines the initialization process, preventing redundant actions.

Affected Version(s)

Linux 5d3aff76a3165087b0f897c0d677dfa987d9875d

Linux 105a940416fc622406653b6fe54732897642dfbc < 6a9ae2fe887042f76fd3d334349e64e8ab3c55a2

Linux 105a940416fc622406653b6fe54732897642dfbc < 856082f021a28221db2c32bd0531614a8382be67

References

https://git.kernel.org/stable/c/e79b2b2aadeffe1db54a6b569...

https://git.kernel.org/stable/c/6a9ae2fe887042f76fd3d3343...

https://git.kernel.org/stable/c/856082f021a28221db2c32bd0...

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 26, 2025