CVE-2022-49322
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's tracing subsystem when using PREEMPT_RT (real-time) kernels with specific boot parameters. The vulnerability causes a sleeping function to be called from an invalid atomic context, potentially leading to kernel instability or crashes. It primarily affects systems running PREEMPT_RT kernels with specific tracing configurations enabled.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting critical real-time operations on affected systems.
Likely Case
System instability, kernel warnings, or crashes when the specific tracing configuration is enabled on PREEMPT_RT kernels.
If Mitigated
No impact if the vulnerable configuration is not used or if systems are not running PREEMPT_RT kernels.
🎯 Exploit Status
This appears to be a stability bug rather than a security vulnerability that enables privilege escalation or remote access. Exploitation would require local access and specific kernel configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix. 2. Check kernel commit history for inclusion of fixes. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable vulnerable tracing configuration
linuxRemove the problematic boot parameters that trigger the vulnerability
Edit /etc/default/grub or bootloader configuration
Remove: trace_event=initcall:initcall_start tp_printk=1
Run: update-grub (or equivalent)
Reboot system
🧯 If You Can't Patch
- Avoid using 'trace_event=initcall:initcall_start tp_printk=1' boot parameters
- Consider using standard kernel instead of PREEMPT_RT if real-time features are not required
🔍 How to Verify
Check if Vulnerable:
Check if running PREEMPT_RT kernel: 'uname -a | grep -i rt' and check boot parameters: 'cat /proc/cmdline | grep trace_event'Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions in git commits, verify boot parameters don't include vulnerable configuration📡 Detection & Monitoring
Log Indicators:
- Kernel messages about 'sleeping function called from invalid context'
- BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
- System crashes or instability when specific tracing is enabled
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND "sleeping function called from invalid context" AND "spinlock_rt.c"🔗 References
- https://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd
- https://git.kernel.org/stable/c/1788e6dbb61286215442b1af99e51405a6206762
- https://git.kernel.org/stable/c/40f9fde06b25884baa0c4bd138b909a9b67218b4
- https://git.kernel.org/stable/c/43bfc4dccc416c964b53cbdc430e814f8b6f770b
- https://git.kernel.org/stable/c/48c6ee7d6c614f09b2c8553a95eefef6ecf196e0
- https://git.kernel.org/stable/c/9abf3db8bdb63ab545034148ef2118f4d088ca59
- https://git.kernel.org/stable/c/9b534640a2c6a8d88168febc82ec6d161184f2ec
- https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1
