CVE-2022-49097

5.5 MEDIUM

📋 TL;DR

This CVE addresses a denial-of-service vulnerability in the Linux kernel's NFS writeback mechanism. In low memory conditions, NFS writeback threads could get stuck in infinite loops in mempool_alloc(), potentially causing system hangs or performance degradation. This affects Linux systems using NFS for file sharing.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected kernel versions not explicitly stated in CVE; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with NFS (Network File System) enabled and under low memory conditions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system hang or crash due to kernel threads stuck in infinite loops, leading to denial of service for all services on the affected system.

🟠 Likely Case

Performance degradation or temporary unresponsiveness of NFS services during memory pressure situations, potentially affecting file operations.

🟢 If Mitigated

Minimal impact with proper memory management and monitoring in place; system may experience temporary NFS slowdowns but avoids hangs.

🌐 Internet-Facing: LOW - This vulnerability requires local access or NFS client access; not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal NFS clients or local users could trigger the condition, potentially affecting critical file services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger low memory conditions on NFS server, typically requiring local access or NFS client access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel versions from provided git commits: 0bae835b63c53f86cdc524f5962e39409585b22c and related commits

Vendor Advisory: https://git.kernel.org/stable/c/0bae835b63c53f86cdc524f5962e39409585b22c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Increase system memory or reduce memory pressure

Ensure adequate available memory to prevent low memory conditions that trigger the vulnerability

# Monitor memory usage
free -h
# Identify memory-hungry processes
ps aux --sort=-%mem | head -20

Disable NFS if not required

Temporarily disable NFS services to eliminate attack surface

# Stop NFS services
systemctl stop nfs-server
# Disable from auto-start
systemctl disable nfs-server

🧯 If You Can't Patch

  • Implement strict memory monitoring and alerting for low memory conditions
  • Restrict NFS access to trusted clients only and monitor for abnormal memory consumption patterns
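One way to implement the memory-monitoring item above, as an added example that is not part of the original advisory: it raises an alert only when an NFS filesystem is mounted and MemAvailable falls below a threshold. The function names, the 10% default threshold and the choice of a mounted nfs/nfs4 filesystem as the signal for "NFS in use" are assumptions of this example.

```shell
#!/bin/sh
# Added example: alert when NFS is mounted AND available memory is low,
# the two conditions this advisory ties together.
# Function names and the 10% default threshold are assumptions.

# mem_available_pct FILE: print MemAvailable as an integer percent of MemTotal.
mem_available_pct() {
    awk '/^MemTotal:/ {t = $2} /^MemAvailable:/ {a = $2}
         END { if (t > 0 && a != "") printf "%d\n", a * 100 / t; else exit 1 }' "$1"
}

# nfs_mount_count FILE: count mounts whose filesystem type is nfs or nfs4.
nfs_mount_count() {
    awk '$3 == "nfs" || $3 == "nfs4" {n++} END {print n + 0}' "$1"
}

# nfs_memory_risk [MEMINFO] [MOUNTS] [MIN_PCT]
# Returns 0 = OK, 2 = ALERT, 3 = could not read memory figures.
nfs_memory_risk() {
    meminfo=${1:-/proc/meminfo}
    mounts=${2:-/proc/mounts}
    min_pct=${3:-10}

    pct=$(mem_available_pct "$meminfo") || { echo "UNKNOWN cannot parse $meminfo"; return 3; }
    nfs=$(nfs_mount_count "$mounts")

    if [ "$nfs" -eq 0 ]; then
        echo "OK no NFS mounts, mem_available=${pct}%"
        return 0
    fi
    if [ "$pct" -lt "$min_pct" ]; then
        echo "ALERT nfs_mounts=${nfs} mem_available=${pct}% below ${min_pct}%"
        return 2
    fi
    echo "OK nfs_mounts=${nfs} mem_available=${pct}%"
    return 0
}

# Live check (defaults to /proc/meminfo, /proc/mounts and 10%):
#   nfs_memory_risk
```

The non-zero return codes let a cron job or monitoring agent turn the result into an alert without parsing the message text.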

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions from kernel git commits. Also check if NFS is enabled: systemctl status nfs-server

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version and test NFS operations under memory pressure

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing memory allocation failures
  • NFS service logs showing timeouts or hangs
  • System logs indicating high memory pressure

Network Indicators:

  • NFS clients experiencing timeouts or slow file operations
  • Unusual memory consumption patterns on NFS server

SIEM Query:

(source="kernel" AND ("mempool_alloc" OR "memory allocation failed")) OR (source="nfs" AND ("timeout" OR "hang" OR "stuck"))
