vulnerability

Debian: CVE-2022-49001: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:S/C:C/I:C/A:C)	Oct 23, 2024	Oct 23, 2024	Aug 15, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Oct 23, 2024

Added

Oct 23, 2024

Modified

Aug 15, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: fix race when vmap stack overflow

Currently, when detecting vmap stack overflow, riscv firstly switches
to the so called shadow stack, then use this shadow stack to call the
get_overflow_stack() to get the overflow stack. However, there's
a race here if two or more harts use the same shadow stack at the same
time.

To solve this race, we introduce spin_shadow_stack atomic var, which
will be swap between its own address and 0 in atomic way, when the
var is set, it means the shadow_stack is being used; when the var
is cleared, it means the shadow_stack isn't being used.

[Palmer: Add AQ to the swap, and also some comments.]

Solution

debian-upgrade-linux

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today