LiveActive security incident?Get immediate response
CVE Record

CVE-2022-48659: mm/slub: fix to return errno if kmalloc() fails

In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline] f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 legacy_get_tree+0x30/0x74 fs/fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel availability flaw. If a specific memory allocation fails, the kernel could crash instead of returning an error. The public sources support a denial-of-service concern, not data theft or remote code execution.

Executive priority

Treat this as a stability and availability issue. Patch through normal kernel maintenance, with higher priority for shared Linux hosts, storage systems, and environments exposed to untrusted local users.

Technical view

In mm/slub create_unique_id(), a failing kmalloc(..., GFP_KERNEL) could reach BUG_ON() and trigger a kernel Oops. The cited trace shows this through slab cache creation during an f2fs mount path. Stable kernel commits change the behavior to return errno correctly.

Likely exposure

Exposure is limited to systems running affected Linux kernel versions or unfixed downstream builds. The bundle lists Linux kernels from 2.6.22 through several stable branches as affected. Distribution-specific package status is not provided.

Exploitation context

No KEV listing is present, and the source bundle does not cite active exploitation. Evidence indicates a crash condition when memory allocation fails during kernel slab cache creation, not a confirmed remotely exploitable issue.

Researcher notes

The evidence is narrow: a kmalloc failure in create_unique_id() led to BUG_ON-triggered panic. The provided call trace involves f2fs, but the fix is in mm/slub, so validation should focus on kernel patch status rather than only f2fs usage.

Mitigation direction

  • Update to a kernel build containing the referenced stable fixes.
  • Check Linux distribution advisories for the exact fixed package version.
  • Prioritize systems where local users can mount filesystems or trigger kernel cache creation.
  • Monitor hosts for kernel Oops or panic events matching mm/slub or sysfs_slab_add.

Validation and detection

  • Inventory running kernel versions across Linux servers and appliances.
  • Map each kernel to vendor advisories or the referenced stable commits.
  • Review crash logs for BUG_ON, mm/slub, sysfs_slab_add, or f2fs mount traces.
  • Confirm patched systems no longer match the affected kernel version range.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-48659 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225, 81819f0fc8285a2a5a921c019e3e3d7b6169d225unaffected
LinuxLinux2.6.22, 0, 4.9.330, 4.14.295, 4.19.260, 5.4.215, 5.10.146, 5.15.71, 5.19.12, 6.0affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.