CVE-2022-49782: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49782 is a vulnerability discovered in the Linux kernel's performance monitoring subsystem (perf). The issue was published to the CVE List and included in the NVD dataset on May 1, 2025. The vulnerability specifically affects the perf subsystem's SIGTRAP checking mechanism (NVD).

The vulnerability occurs in the _perfeventoverflow() function where a WARN is triggered if pendingsigtrap was already set. The issue manifests when events not associated with progress in the user space task can fire and the interrupt handler runs before the IRQ work meant to consume pendingsigtrap. This was demonstrated through a program with event type PERFTYPESOFTWARE and config PERFCOUNTSWCPU_CLOCK, where the hrtimer could fire again before the IRQ work got a chance to run, while never having returned to user space (NVD).

When exploited, this vulnerability could cause the kernel to generate warning messages and potentially lead to system instability, specifically affecting the kernel's performance monitoring subsystem and its handling of software-based CPU clock events (Wiz).

The vulnerability has been addressed by improving the WARN check to verify real progress in user space. The fix involves storing a 32-bit hash of the current IP into pendingsigtrap, and if an event fires while pendingsigtrap still matches the previous IP, it assumes no progress has been made. While this approach may have false negatives due to possible returns to the same IP, it provides a more robust detection mechanism (NVD).