Login Sign Up

CVE-2022-49350

5.5 MEDIUM

📋 TL;DR

This CVE describes a Linux kernel vulnerability where the mdio_bus_init() function was incorrectly marked with both EXPORT_SYMBOL and __init annotations. This combination can cause kernel panic if a module attempts to use this function after kernel initialization, as the function's memory section may have been freed. The vulnerability affects Linux systems with specific kernel versions that include the flawed code.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions between the introduction of the bug and its fix. Check the git commit references for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where CONFIG_PHYLIB is built as a module (not common as it's typically boolean). The vulnerability exists in code but may not be triggerable in many configurations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to reboot the system.

🟠

Likely Case

System instability or crash when loading certain kernel modules that attempt to use the mdio_bus_init() function after initialization.

🟢

If Mitigated

No impact if the vulnerable code path is not triggered by module loading or if the system is patched.

🌐 Internet-Facing: LOW - This vulnerability requires local access or ability to load kernel modules, making direct internet exploitation unlikely.
🏢 Internal Only: MEDIUM - Malicious local users or compromised services with kernel module loading privileges could trigger the vulnerability to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to load kernel modules and trigger the specific code path. This typically requires local access with appropriate privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from the provided git commits (e.g., 35b42dce619701f1300fb8498dae82c9bb1f0263 and others)

Vendor Advisory: https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict kernel module loading

linux

Prevent unauthorized kernel module loading to reduce attack surface

echo 1 > /proc/sys/kernel/modules_disabled
sysctl -w kernel.modules_disabled=1

Disable unnecessary kernel modules

linux

Remove or blacklist modules that might trigger the vulnerable code path

echo 'blacklist phylib' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Restrict user privileges to prevent kernel module loading
  • Implement strict access controls and monitor for unauthorized module loading attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from git commits. Examine if CONFIG_PHYLIB is built as module.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to a version containing the fix commits. Check that mdio_bus_init is no longer exported.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Failed module loading attempts related to mdio or phylib

Network Indicators:

  • Unusual system reboots or crashes

SIEM Query:

source="kern.log" AND "kernel panic" OR "Oops" OR "Unable to handle kernel paging request"

📊 Metadata

CVE ID: CVE-2022-49350
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-908
EPSS Score: 0.04% exploit probability (10.1th percentile)
Published: February 26, 2025
Last Updated: September 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49350, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)