Login Sign Up

CVE-2022-49441

5.5 MEDIUM

📋 TL;DR

This CVE describes a deadlock vulnerability in the Linux kernel's tty subsystem where calling printk() under tty_port->lock can create a circular locking dependency. The vulnerability can cause system hangs or denial of service when specific conditions trigger the deadlock. It affects Linux systems using the vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Multiple stable kernel versions prior to fixes in 5.4.143+, 5.10.60+, 5.12.13+, 5.13.4+, 5.14-rc1+
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires specific conditions to trigger the deadlock (pty operations with kmalloc failures).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system hang requiring hard reboot, leading to extended downtime and potential data loss.

🟠

Likely Case

Local denial of service affecting terminal/pty operations, causing system instability.

🟢

If Mitigated

Minimal impact with proper kernel patching or workarounds in place.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific kernel operations.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the deadlock, affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific conditions to trigger the deadlock scenario.

Discovered via syzbot fuzzing; exploitation requires triggering kmalloc failures under specific locking conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.4.143+, 5.10.60+, 5.12.13+, 5.13.4+, 5.14-rc1+

Vendor Advisory: https://git.kernel.org/stable/c/04ee31678c128a6cc7bb057ea189a8624ba5a314

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Memory pressure avoidance

linux

Reduce likelihood of kmalloc failures by maintaining sufficient system memory.

# Monitor memory usage
free -h
# Set appropriate vm.min_free_kbytes
sysctl -w vm.min_free_kbytes=65536

🧯 If You Can't Patch

  • Restrict local user access to minimize risk of triggering the vulnerability.
  • Monitor system logs for OOM (Out of Memory) conditions and address memory pressure promptly.

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare with affected versions (5.4.0-5.4.142, 5.10.0-5.10.59, etc.)

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.4.143+ or equivalent patched version: uname -r

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • System hang reports
  • OOM (Out of Memory) kernel messages

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("deadlock" OR "circular locking" OR "tty_port" OR "pty_write")

📊 Metadata

CVE ID: CVE-2022-49441
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-667
EPSS Score: 0.01% exploit probability (2.1th percentile)
Published: February 26, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49441, you might also want to check these:

CVE-2020-12658 9.8

CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex h...

Same vulnerability type (CWE-667)
CVE-2020-11284 8.4

This vulnerability allows non-secure boot loaders to unlock and modify memory regions that should re...

Same vulnerability type (CWE-667)
CVE-2021-22530 8.2

CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allow...

Same vulnerability type (CWE-667)