CVE-2022-49121

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's pm8001 SCSI driver where allocated tags are not properly freed when certain error conditions occur. This affects systems using pm8001-based SAS/SATA controllers. The vulnerability can lead to resource exhaustion over time.
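The bug class described above, as an added user-space model (not code from the pm8001 driver or this page): a command path takes a tag from a fixed pool and returns on error without giving it back. All names here (`tag_alloc`, `send_cmd_leaky`, `hw_submit`, the 8-tag pool) are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#define NUM_TAGS 8              /* small pool so exhaustion is easy to see */
static unsigned char tag_map[NUM_TAGS];

/* Hypothetical allocator: returns a free tag index, or -1 when none is left. */
static int tag_alloc(void) {
    for (int i = 0; i < NUM_TAGS; i++)
        if (!tag_map[i]) { tag_map[i] = 1; return i; }
    return -1;
}
static void tag_free(int tag) { tag_map[tag] = 0; }
static int tags_in_use(void) {
    int n = 0;
    for (int i = 0; i < NUM_TAGS; i++) n += tag_map[i];
    return n;
}

/* Stand-in for posting a command to the controller; fails when told to. */
static int hw_submit(int tag, int fail) { (void)tag; return fail ? -1 : 0; }

/* Leaky pattern: the error return skips tag_free(), so the tag is lost. */
int send_cmd_leaky(int fail) {
    int tag = tag_alloc();
    if (tag < 0) return -2;                   /* pool exhausted */
    if (hw_submit(tag, fail) < 0) return -1;  /* BUG: tag never released */
    tag_free(tag);                            /* model: command completes at once */
    return 0;
}

/* Fixed pattern: every exit after a successful tag_alloc() releases the tag. */
int send_cmd_fixed(int fail) {
    int tag = tag_alloc();
    if (tag < 0) return -2;
    int rc = hw_submit(tag, fail);
    tag_free(tag);
    return rc < 0 ? -1 : 0;
}

/* Reset the pool, run n failing submissions, report tags still allocated. */
int leaked_after(int (*send)(int), int n) {
    for (int i = 0; i < NUM_TAGS; i++) tag_map[i] = 0;
    for (int i = 0; i < n; i++) send(1);
    return tags_in_use();
}

int main(void) {
    printf("leaky: %d in use, fixed: %d in use\n",
           leaked_after(send_cmd_leaky, 20), leaked_after(send_cmd_fixed, 20));
    return 0;
}
```

Once the leaky path has failed as many times as there are tags, even a command that would succeed is refused, which is the resource-exhaustion outcome the summary refers to.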

💻 Affected Systems

Products:
  • Linux kernel with pm8001 driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with pm8001-based SAS/SATA controllers. The driver is typically built as a module and only loaded when hardware is present.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could exhaust kernel memory, leading to system instability, denial of service, or potential kernel panic.

🟠

Likely Case

Gradual memory consumption leading to performance degradation and eventual system instability requiring reboot.

🟢

If Mitigated

Minimal impact with proper monitoring and regular system maintenance.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific SCSI operations.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through other vulnerabilities to degrade system performance.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger specific SCSI operations that would fail in the affected functions. Likely requires local access or another vulnerability to reach the code paths.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 43c617eefab7, 4c8f04b1905c, 9cc72bcc1c09, a0bb65eadbf9, bdc74815f1c3

Vendor Advisory: https://git.kernel.org/stable/c/43c617eefab7077d69f5989ad3e2a273da1d728b

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable pm8001 module

linux

Prevent loading of vulnerable driver if hardware not required

echo 'blacklist pm8001' >> /etc/modprobe.d/blacklist-pm8001.conf
rmmod pm8001

🧯 If You Can't Patch

  • Monitor system memory usage and kernel logs for signs of memory exhaustion
  • Implement regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check if pm8001 module is loaded: lsmod | grep pm8001. Check kernel version against distribution's patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check dmesg for pm8001-related errors after patch.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Increasing memory usage in /proc/meminfo
  • pm8001 driver error messages in dmesg

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("pm8001" OR "oom-killer")
