CVE-2022-49210: 
Linux Debian vulnerability analysis and mitigation

A memory leak vulnerability was discovered in the Linux kernel's MIPS architecture implementation, identified as CVE-2022-49210. The issue occurs in the pgdfree() function when handling page table directory (PGD) pages. The vulnerability was discovered when the generic implementation of pgdfree() failed to properly free all allocated pages in certain scenarios, particularly when the system uses more than one page as the PGD table (Kernel Git).

The vulnerability stems from a mismatch between page allocation and deallocation in the MIPS architecture's memory management system. When PAGESIZE4KB is enabled and MIPSVABITS48 is not enabled in a 64-bit system, the PGDORDER macro is set to "1", causing the allocation of two pages for the PGD table. However, the generic implementation of pgd_free() only frees one PGD page, resulting in a memory leak. The issue can be detected by monitoring system memory usage through the command: "while true; do ls > /dev/null; grep MemFree /proc/meminfo; done" (Kernel Git).

The vulnerability results in a continuous memory leak in affected systems, which can gradually consume available system memory over time. This can potentially lead to system performance degradation and resource exhaustion if left unaddressed (Kernel Git).

The issue has been resolved by implementing a proper pgdfree() function that correctly handles the freeing of multiple pages. The fix involves adding the _HAVEARCHPGDFREE definition and implementing a new pgdfree() function that uses the correct PGD_ORDER when freeing pages (Kernel Git).