Login Sign Up

CVE-2022-49371

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a deadlock vulnerability in the Linux kernel's device driver subsystem. When memory is low or work queue limits are reached, the __device_attach function can cause a double-acquisition deadlock (A-A deadlock) that could freeze the system. This affects all Linux systems using the vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description, but patches exist for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when async device probing is enabled and system experiences memory pressure or hits work queue limits.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System becomes completely unresponsive requiring hard reboot, potentially causing service disruption and data loss.

🟠

Likely Case

System hangs or becomes unstable when device probing occurs under memory pressure or high workload conditions.

🟢

If Mitigated

Minor performance impact during device attachment with no security compromise.

🌐 Internet-Facing: LOW - This is a local deadlock issue requiring local access or specific conditions, not remotely exploitable.
🏢 Internal Only: MEDIUM - Could cause system instability affecting critical services, but requires specific conditions to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific system conditions (memory pressure + device probing) and local access

This is a reliability/DoS issue rather than a traditional security vulnerability. Exploitation requires triggering specific race conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/34fdd9b7def9d2fcb71bb7b0bc4848dd7313767e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable async device probing

linux

Prevent the deadlock by disabling asynchronous device attachment

echo N > /sys/module/driver_probe_delay/parameters/probe_async

Increase memory limits

all

Reduce likelihood of triggering by ensuring adequate system memory

🧯 If You Can't Patch

  • Monitor system memory usage and ensure adequate resources to avoid low memory conditions
  • Implement system monitoring to detect and alert on system hangs or instability

🔍 How to Verify

Check if Vulnerable:

Check kernel version against affected ranges and verify if async device probing is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and system remains stable during device attachment

📡 Detection & Monitoring

Log Indicators:

  • System hang messages
  • Kernel panic logs
  • Device attachment failures in dmesg

Network Indicators:

  • Sudden loss of connectivity from affected system

SIEM Query:

Search for kernel panic events or system hang alerts in system logs

📊 Metadata

CVE ID: CVE-2022-49371
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-667
EPSS Score: 0.03% exploit probability (9.1th percentile)
Published: February 26, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49371, you might also want to check these:

CVE-2020-12658 9.8

CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex h...

Same vulnerability type (CWE-667)
CVE-2020-11284 8.4

This vulnerability allows non-secure boot loaders to unlock and modify memory regions that should re...

Same vulnerability type (CWE-667)
CVE-2021-22530 8.2

CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allow...

Same vulnerability type (CWE-667)