CVE-2022-49171

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's ext4 filesystem allows unprivileged local users to trigger a kernel panic (denial of service) by exploiting a race condition in which pages are dirtied without the filesystem being notified. It affects Linux systems using the ext4 filesystem and can be triggered via the process_vm_writev(2) system call. The vulnerability was discovered by Syzbot and affects multiple Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Multiple Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using the ext4 filesystem
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the ext4 filesystem. The vulnerability is in mm/gup.c but manifests in ext4 filesystem code.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or corruption in ext4 filesystem operations.

🟠 Likely Case

Local unprivileged user triggers kernel panic causing system reboot or crash, resulting in temporary denial of service.

🟢 If Mitigated

System issues warning instead of BUG, marks page as clean, preventing crash but potentially losing data integrity.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal users with shell access can exploit this to cause denial of service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Syzbot discovered reliable trigger via process_vm_writev(2). Exploit requires local access but no special privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 0d3a6926f7e8be3c897fa46216ce13b119a9f56a, 330d0e44fc5a47c27df958ecdd4693a3cb1d8b81, 343117559ef41e992e326f7a92da1a8f254dfa8c, 5a016c053f426a73752c3b41b60b497b58694d48, 5db60e76edf5680ff1f3a7221036fc44b308f146

Vendor Advisory: https://git.kernel.org/stable/c/0d3a6926f7e8be3c897fa46216ce13b119a9f56a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

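Restrict process_vm_writev with Yama ptrace_scope

linux

Temporarily restrict use of the process_vm_writev system call that can trigger the vulnerability. Setting kernel.yama.ptrace_scope to 2 does not disable the system call itself; it limits which processes may use it against another process, because that access is subject to the ptrace attach permission check. Either of the following commands applies the setting until the next reboot: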

echo 2 > /proc/sys/kernel/yama/ptrace_scope
sysctl -w kernel.yama.ptrace_scope=2

Use alternative filesystem

linux

Use filesystems other than ext4 for critical partitions

🧯 If You Can't Patch

  • Restrict local user access to prevent unprivileged users from exploiting the vulnerability
  • Implement strict access controls and monitor for suspicious process_vm_writev usage

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether an ext4 filesystem is in use. The system is vulnerable if it runs an unpatched kernel with ext4.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version matches patched version from your distribution. Verify system doesn't crash when testing process_vm_writev operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • System crash/reboot logs
  • process_vm_writev system call failures

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("BUG" OR "panic" OR "Oops") AND "ext4"
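
The query above applied locally to kernel log text, together with the ext4-in-use check from "Check if Vulnerable". This is an added example, not part of the original advisory; the function names and all sample data are constructed. It goes beyond the query by grouping a crash line with the lines that follow it, since a kernel crash trace spans several log lines and "ext4" may not appear on the same line as "BUG", "panic" or "Oops".

```shell
# Added example; function names and all sample data are constructed.
# On a live host: ext4_mounts < /proc/mounts ; dmesg | crash_events 10

# per_line_match: the query applied line by line (case-sensitive: an assumption).
per_line_match() {
    grep -E 'BUG|panic|Oops' | grep -F 'ext4' || true
}

# crash_events: a BUG/panic/Oops line opens a window of $1 lines (default 5);
# the window is printed only if some line inside it mentions ext4.
crash_events() {
    awk -v win="${1:-5}" '
        /(^|[^A-Za-z])(BUG|panic|Oops)([^A-Za-z]|$)/ && left == 0 {
            left = win; buf = ""; hit = 0
        }
        left > 0 {
            buf = buf $0 "\n"
            if ($0 ~ /ext4/) hit = 1
            left--
            if (left == 0 && hit) printf "%s---\n", buf
        }
        END { if (left > 0 && hit) printf "%s---\n", buf }
    '
}

# ext4_mounts: mount points of type ext4, read from a /proc/mounts-format table.
ext4_mounts() {
    awk '$3 == "ext4" { print $2 }'
}

# Constructed kernel log lines (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] EXT4-fs (sda1): mounted filesystem with ordered data mode
[  412.123456] kernel BUG at fs/ext4/example.c:123!
[  412.123460] Oops: invalid opcode: 0000 [#1] SMP
[  412.123470] RIP: 0010:ext4_example_function+0x10/0x20
[  500.000000] usb 1-1: new high-speed USB device number 2
[  612.000000] Kernel panic - not syncing: Fatal exception
EOF
}

# Constructed mounts table in /proc/mounts format.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
EOF
}
```

On the sample log the per-line match returns only the BUG line, while the windowed match also returns the Oops and RIP lines that belong to the same crash and skips the unrelated panic.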
