CVE-2022-49180 – This Linux kernel vulnerability involves incorr... (How to Fix)

Q: What is the severity of CVE-2022-49180?

CVE-2022-49180 has a CVSS score of 5.5 (MEDIUM). This Linux kernel vulnerability involves incorrect error handling in the LSM (Linux Security Module) framework when processing mount options. It can cause a general protection fault (kernel crash) when security modules like Smack and SELinux return inconsistent error codes. Systems using Linux kernels with affected LSM implementations are vulnerable.

📋 TL;DR

This Linux kernel vulnerability involves incorrect error handling in the LSM (Linux Security Module) framework when processing mount options. It can cause a general protection fault (kernel crash) when security modules like Smack and SELinux return inconsistent error codes. Systems using Linux kernels with affected LSM implementations are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific kernel versions with the vulnerable LSM code (check git commits for exact ranges)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using LSM modules like Smack or SELinux with specific mount operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting critical services.

🟠

Likely Case

System instability or crash when processing certain mount operations with specific security module configurations.

🟢

If Mitigated

No impact if patched or if affected security modules are not in use.

🌐 Internet-Facing: LOW - Requires local access and specific mount operations.

🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability causing system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and ability to trigger mount operations with specific parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/00fc07fa0b4a004711b6e1a944f0d2e46f7093b7

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable affected LSM modules

linux

Temporarily disable Smack or SELinux if not required for security policy

setenforce 0
echo 0 > /sys/fs/smackfs/load2

🧯 If You Can't Patch

Restrict mount operations to trusted users only
Monitor system logs for kernel panic events related to mount operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it includes the vulnerable LSM code from git commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches patched version from distribution vendor

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
General protection fault errors in dmesg
Mount operation failures

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("general protection fault" OR "LSM" OR "legacy_parse_param")

📊 Metadata

CVE ID: CVE-2022-49180

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.05% exploit probability (15th percentile)

Published: February 26, 2025

Last Updated: October 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON