
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49052 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the zram swap functionality. The issue was discovered in February 2025 and involves unexpected zeroed page mapping that can occur when two processes under CLONE_VM cloning interact with the swap system. This vulnerability can lead to user process corruption by causing processes to see zeroed pages unexpectedly (Kernel Git).
The vulnerability stems from a race condition in the swap_slot_free_notify function. When two processes under CLONE_VM cloning access the swap system simultaneously, one process can receive zeroed (invalid) data instead of the expected valid data. This occurs because the swap_slot_free_notify function doesn't properly increase the refcount of the swap slot at copy_mm, making it unable to determine whether it's safe to discard data from the backing device. The only synchronization mechanism available is the page table lock (Red Hat).
When exploited, this vulnerability can cause user processes to become corrupted by seeing zeroed pages unexpectedly. This affects data integrity and can lead to unexpected behavior in applications using shared memory through CLONE_VM. The issue is particularly impactful in systems using zram for swap space (NVD).
The issue has been fixed by removing the swap_slot_free_notify function entirely. This may slightly increase memory consumption, because a page can be held both in compressed form in zram and in uncompressed form in the address space, but the impact is minimal: most zram setups use no readahead, and do_swap_page is followed by swap_free, which quickly frees the compressed form from zram (Kernel Git).
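A simplified user-space model of the race and of the fix described above, added here as an illustration; it is not kernel code and is not taken from the patch. The names slot, mm, fault_read, fault_map and race_maps_zero_page, the 8-byte toy page and the chosen interleaving of the two faults are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PAGE 8 /* toy page size (assumption) */

/* Toy zram slot: once discarded it reads back as zeroes. */
struct slot { bool present; char data[PAGE]; };
/* Address space shared by two CLONE_VM tasks: one PTE, one page. */
struct mm { bool pte_is_swap; char mapped[PAGE]; };

/* Read half of a swap fault. notify_on_read models the removed
 * swap_slot_free_notify: the compressed copy is dropped right after the read. */
static void fault_read(struct slot *s, char *buf, bool notify_on_read) {
    if (s->present) memcpy(buf, s->data, PAGE);
    else memset(buf, 0, PAGE);
    if (notify_on_read) s->present = false;
}

/* Map half, under the page table lock: only the first task to arrive still
 * sees the swap PTE and installs its page; the other one backs off.
 * The winner then releases the slot (stands in for swap_free). */
static bool fault_map(struct mm *mm, struct slot *s, const char *buf) {
    if (!mm->pte_is_swap) return false;
    memcpy(mm->mapped, buf, PAGE);
    mm->pte_is_swap = false;
    s->present = false;
    return true;
}

/* Interleaving (constructed): A reads, B reads, B maps, A maps.
 * Returns true if the shared address space ends up with a zeroed page. */
static bool race_maps_zero_page(bool notify_on_read) {
    struct slot s = { true, "secret!" };   /* constructed page content */
    struct mm mm = { true, {0} };
    char a[PAGE], b[PAGE], zero[PAGE] = {0};
    fault_read(&s, a, notify_on_read);     /* task A: valid data */
    fault_read(&s, b, notify_on_read);     /* task B: zeroes if A discarded */
    fault_map(&mm, &s, b);                 /* B wins the page table lock */
    fault_map(&mm, &s, a);                 /* A sees a changed PTE, backs off */
    return memcmp(mm.mapped, zero, PAGE) == 0;
}

int main(void) {
    printf("discard on read: zeroed page mapped = %d\n", race_maps_zero_page(true));
    printf("no discard (fix): zeroed page mapped = %d\n", race_maps_zero_page(false));
    return 0;
}
```

In the model the page table lock only decides which task installs its page; it says nothing about whether that task's buffer was read before or after the discard, which is why dropping the discard-on-read step removes the bad outcome.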
Source: This report was generated using AI