CVE-2022-49329

5.5 MEDIUM

📋 TL;DR

CVE-2022-49329 is a NULL pointer dereference vulnerability in the Linux kernel's vduse (vDPA Device in Userspace) subsystem. When the control device's msg_timeout attribute is accessed via sysfs, the kernel dereferences a NULL pointer, causing a kernel panic and system crash. This affects Linux systems using vduse functionality, particularly those with vDPA virtualization features enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with vduse support (introduced in 5.15) up to fixed versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if vduse subsystem is enabled and in use. Many distributions may not have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to complete system crash and denial of service, potentially causing data loss or service disruption.

🟠 Likely Case

System crash when accessing the vulnerable sysfs attribute, resulting in temporary denial of service until system reboot.

🟢 If Mitigated

No impact if vduse functionality is not used or if proper access controls prevent unauthorized sysfs access.

🌐 Internet-Facing: LOW - Requires local access to sysfs interface, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with sysfs access can trigger system crash, affecting availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple sysfs read operation triggers the vulnerability

Exploitation requires local access and ability to read sysfs attributes. No privilege escalation or code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 30fd1b56621e187346f65d01fe34870634b15188, 3a7a81f4835dfda11f39fdd27586da14331896eb, b22fdee17ec62604060fb0fda5e1414b634666e1, b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9

Vendor Advisory: https://git.kernel.org/stable/c/30fd1b56621e187346f65d01fe34870634b15188

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify vduse module loads without errors.

🔧 Temporary Workarounds

Disable vduse module

Prevent loading of vulnerable vduse kernel module

echo 'blacklist vduse' >> /etc/modprobe.d/blacklist-vduse.conf
rmmod vduse

Restrict sysfs access

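Limit access to the vulnerable sysfs attribute. The mode change is not persistent: it is lost on reboot or when the module is reloaded, so it must be reapplied.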

chmod 000 /sys/class/vduse/control/msg_timeout

🧯 If You Can't Patch

  • Disable vduse functionality if not required
  • Implement strict access controls to prevent unauthorized users from accessing sysfs interfaces

🔍 How to Verify

Check if Vulnerable:

Check if vduse module is loaded: lsmod | grep vduse. If loaded and kernel version is affected, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version is patched: uname -r and verify against distribution security advisories. Test sysfs access: cat /sys/class/vduse/control/msg_timeout (should return value or permission error, not crash).
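The checks above can be combined into one pass that never opens msg_timeout, since on an unpatched kernel the read itself is the crash trigger. This is an added example, not code from the advisory or the kernel project; the `vduse_exposure` function, its root-directory argument and the `VDUSE_ROOT` variable are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the vduse control
# attribute is reachable WITHOUT opening it. ROOT is a hypothetical parameter:
# empty on a live host, or a directory holding a mock /proc, /sys and /etc.
vduse_exposure() {
    root="${1:-}"
    attr="$root/sys/class/vduse/control/msg_timeout"   # path as given in the advisory
    loaded=no; present=no; policy=none

    # /proc/modules has one loaded module per line, name first.
    if [ -r "$root/proc/modules" ] && grep -q '^vduse ' "$root/proc/modules"; then
        loaded=yes
    fi
    # Existence test only: stat() does not call the attribute's show handler.
    if [ -e "$attr" ]; then present=yes; fi

    # "blacklist" only disables alias-based autoloading; an explicit
    # "modprobe vduse" still works unless an "install" override blocks it.
    for f in "$root"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+vduse[[:space:]]+/bin/(false|true)' "$f"; then
            policy=install
        elif [ "$policy" = none ] &&
             grep -Eq '^[[:space:]]*blacklist[[:space:]]+vduse([[:space:]]|$)' "$f"; then
            policy=blacklist
        fi
    done

    if [ "$loaded" = yes ] || [ "$present" = yes ]; then
        state=reachable      # attribute exists now; patch level decides the risk
    elif [ "$policy" = install ]; then
        state=blocked        # module absent and cannot be loaded via modprobe
    else
        state=loadable       # module absent but a manual modprobe would succeed
    fi
    echo "$state loaded=$loaded attr=$present modprobe=$policy"
}

vduse_exposure "${VDUSE_ROOT:-}"
```

A `reachable` result on a kernel that has not been confirmed as patched means the attribute should be left unread until the update is installed.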

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning 'NULL pointer dereference'
  • System crash/reboot logs
  • OOM killer or kernel oops messages

Network Indicators:

  • None - local vulnerability only

SIEM Query:

event_source:kernel AND (message:"NULL pointer dereference" OR message:"vduse" OR message:"msg_timeout")
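Because the query above ORs its three terms, any unrelated NULL-dereference oops or routine vduse message also matches. The filter below reports an oops only when vduse or msg_timeout appears inside the same oops report. It is an added example, not part of the advisory; the function names and the window argument are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): report a NULL-dereference oops only
# when vduse or msg_timeout appears inside the same oops report.
# Usage on a live host (assumes journald): journalctl -k -o cat | vduse_oops_hits
vduse_oops_hits() {
    # $1 = maximum lines to scan after the oops header (hypothetical knob).
    awk -v window="${1:-40}" '
        /NULL pointer dereference/ { hdr = $0; left = window; hit = 0; next }
        left > 0 {
            left--
            if (!hit && /vduse|msg_timeout/) { print hdr; hit = 1 }
            if (/end trace/) left = 0      # oops report finished
        }'
}

# Constructed sample log (addresses, offsets and example_drv are made up).
sample_log() {
    cat <<'EOF'
kernel: vduse: constructed benign message
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: RIP: 0010:example_drv_read+0x1a/0x40 [example_drv]
kernel: ---[ end trace 0000000000000000 ]---
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
kernel: RIP: 0010:msg_timeout_show+0x12/0x30 [vduse]
kernel: Call Trace:
kernel:  dev_attr_show+0x19/0x40
kernel: ---[ end trace 0000000000000000 ]---
kernel: vduse: constructed benign message
EOF
}

sample_log | vduse_oops_hits
```

On the constructed sample the OR-style match hits five lines, while the correlated filter reports only the second oops.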
