CVE-2022-49619

5.5 MEDIUM

📋 TL;DR

A memory leak exists in the Linux kernel's SFP (Small Form-factor Pluggable) cage driver (drivers/net/phy/sfp.c). sfp_probe() allocates its driver state with sfp_alloc() and then registers sfp_cleanup() through devm_add_action(); if that registration fails, the function returns the error without freeing the allocation, leaking one struct sfp per failed probe. The fix switches to devm_add_action_or_reset(), which runs the cleanup itself when registration fails. Only systems whose kernel binds this driver to an SFP cage are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernels that build drivers/net/phy/sfp.c with an sfp_probe() that calls devm_add_action() rather than devm_add_action_or_reset(); fixed by upstream commit 0a18d802d65cf662644fd1d369c86d84a5630652 and its stable backports
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the sfp driver binds to an SFP cage; the probe runs for the cage itself, whether or not a transceiver is inserted. The leak occurs only on the error path where devm_add_action() fails, which in practice means its own small devres allocation failed, i.e. the system was already under memory pressure at probe time.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Repeated probe failures (for example a local administrator unbinding and rebinding the driver while memory is already scarce) could accumulate leaked struct sfp objects and contribute to kernel memory exhaustion, instability or denial of service. The leak is one object per failed probe and cannot be triggered from the network.

🟠

Likely Case

A single struct sfp (a few hundred bytes) leaked when the driver's probe fails once, typically at boot, with no measurable effect on the system.

🟢

If Mitigated

Patched kernels free the allocation on the error path. On unpatched kernels the impact stays bounded by how often the probe can be made to fail, so it remains minimal with kernel memory monitoring in place.

🌐 Internet-Facing: LOW - No network trigger exists; the leak happens inside the driver's probe on the local machine.
🏢 Internal Only: MEDIUM - Relevant to servers and network appliances whose SFP cages are driven by this driver; triggering the leak needs local control over driver binding (root) or a coinciding memory-pressure condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Triggering the leak requires making devm_add_action() fail inside sfp_probe(), which only happens when its devres node allocation fails. An attacker cannot force that condition directly; at most a root user can re-run the probe (driver unbind/rebind) and hope it coincides with memory pressure. No public exploit is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernels containing upstream commit 0a18d802d65cf662644fd1d369c86d84a5630652 ("net: sfp: fix memory leak in sfp_probe()") or its stable backport

Vendor Advisory: https://git.kernel.org/stable/c/0a18d802d65cf662644fd1d369c86d84a5630652

Restart Required: Yes

Instructions:

1. Update the kernel to a build that includes the fix (the upstream commit or your distribution's backport).
2. Confirm the fix is present: sfp_probe() in drivers/net/phy/sfp.c must call devm_add_action_or_reset(), or the kernel changelog must list "net: sfp: fix memory leak in sfp_probe()". The CVE ID was assigned retroactively by the Linux kernel CNA, so 2022-era changelogs reference the commit subject rather than CVE-2022-49619.
3. Reboot into the new kernel.
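The following userspace model illustrates why the one-line change from devm_add_action() to devm_add_action_or_reset() closes the leak. It is an added example, not kernel code and not the patch itself: the function names mirror drivers/net/phy/sfp.c, but struct sfp, sfp_alloc(), sfp_cleanup() and the devm_* helpers are simplified stand-ins that keep only the semantics that matter here (devm_add_action() has to allocate a bookkeeping node, so it can itself fail with -ENOMEM). The fail_next_devres_alloc flag is an assumed fault-injection hook with no kernel equivalent.

```c
/* Added example, not kernel code: userspace model of the devres pattern behind
 * CVE-2022-49619. Names mirror drivers/net/phy/sfp.c; bodies are stand-ins. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
typedef void (*action_fn)(void *data);
struct devres_action { action_fn fn; void *data; struct devres_action *next; };
struct device { struct devres_action *actions; };  /* LIFO cleanup list */
struct sfp { int state; };                         /* stand-in for the real struct */
static int live_sfp_objects;        /* struct sfp allocated and not yet freed */
static bool fail_next_devres_alloc; /* assumed fault-injection hook (no kernel equivalent) */

static struct sfp *sfp_alloc(void)
{
	struct sfp *sfp = calloc(1, sizeof(*sfp));
	if (sfp)
		live_sfp_objects++;
	return sfp;
}

/* The cleanup the driver registers; in the kernel it ends in kfree(sfp). */
static void sfp_cleanup(void *data)
{
	free(data);
	live_sfp_objects--;
}

/* Model of devm_add_action(): queue fn(data) to run at device release. */
static int devm_add_action(struct device *dev, action_fn fn, void *data)
{
	struct devres_action *a = fail_next_devres_alloc ? NULL : malloc(sizeof(*a));
	fail_next_devres_alloc = false;
	if (!a)
		return -ENOMEM;    /* the kernel's devres_alloc() failed */
	*a = (struct devres_action){ .fn = fn, .data = data, .next = dev->actions };
	dev->actions = a;
	return 0;
}

/* Model of devm_add_action_or_reset(): on failure, run fn(data) right away. */
static int devm_add_action_or_reset(struct device *dev, action_fn fn, void *data)
{
	int err = devm_add_action(dev, fn, data);
	if (err)
		fn(data);
	return err;
}

/* Device release: run queued actions newest-first and drop their nodes. */
static void device_release(struct device *dev)
{
	for (struct devres_action *a = dev->actions, *next; a; a = next) {
		next = a->next;
		a->fn(a->data);    /* e.g. sfp_cleanup(sfp) */
		free(a);
	}
	dev->actions = NULL;
}

/* sfp_probe() before the fix: sfp is orphaned on the error path. */
static int sfp_probe_vulnerable(struct device *dev)
{
	struct sfp *sfp = sfp_alloc();
	if (!sfp)
		return -ENOMEM;
	int err = devm_add_action(dev, sfp_cleanup, sfp);
	if (err < 0)
		return err;        /* BUG: nothing ever frees sfp */
	return 0;
}

/* sfp_probe() after the fix: _or_reset() invokes sfp_cleanup() on failure. */
static int sfp_probe_fixed(struct device *dev)
{
	struct sfp *sfp = sfp_alloc();
	if (!sfp)
		return -ENOMEM;
	int err = devm_add_action_or_reset(dev, sfp_cleanup, sfp);
	if (err < 0)
		return err;
	return 0;
}

/* Probe once with the devres allocation forced to fail (or not), release the
 * device, and return how many struct sfp objects are still outstanding. */
static int sfp_objects_leaked(int (*probe)(struct device *), bool inject_failure)
{
	struct device dev = { .actions = NULL };
	live_sfp_objects = 0;
	fail_next_devres_alloc = inject_failure;
	probe(&dev);
	device_release(&dev);
	return live_sfp_objects;
}

int main(void)
{
	printf("vulnerable/fail: %d, fixed/fail: %d, fixed/ok: %d struct sfp leaked\n",
	       sfp_objects_leaked(sfp_probe_vulnerable, true),
	       sfp_objects_leaked(sfp_probe_fixed, true),
	       sfp_objects_leaked(sfp_probe_fixed, false));
	return 0;
}
```

The vulnerable probe leaves one struct sfp outstanding after a failed registration, the fixed probe leaves none, and both behave identically when registration succeeds, which is why the fix is safe to backport unchanged.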

🔧 Temporary Workarounds

Keep the sfp driver from binding

Prevent the driver from probing the SFP cage if the port is not needed; this takes the port out of service. Pulling the transceiver does not help, because sfp_probe() runs for the cage itself.

# If CONFIG_SFP=m: blacklist the sfp module (via /etc/modprobe.d/) so it is never loaded
# If CONFIG_SFP=y: there is no kernel parameter for this; unbind the bound instance through /sys/bus/platform/drivers/sfp/unbind after boot

🧯 If You Can't Patch

  • Monitor kernel memory (slab usage in /proc/meminfo) for unexplained growth following sfp probe failures
  • If the kernel is built with CONFIG_DEBUG_KMEMLEAK, write "scan" to /sys/kernel/debug/kmemleak and read the report back from the same file; a leaked struct sfp shows up as an unreferenced object allocated from sfp_probe()
  • Restarting userspace services does not reclaim a kernel leak; only a reboot does, so schedule one if the leaked amount ever becomes measurable

🔍 How to Verify

Check if Vulnerable:

Check whether the sfp driver is bound on this system: if it is built as a module, lsmod | grep sfp shows it loaded; in either case, ls /sys/bus/platform/drivers/sfp/ lists the bound cage devices. If it is bound and the kernel predates the fix, the leaking error path is present.

Check Version:

uname -r

Verify Fix Applied:

Confirm the fix is present. In a kernel source tree, check that sfp_probe() in drivers/net/phy/sfp.c calls devm_add_action_or_reset(), or search by commit subject rather than by hash, since stable backports carry different hashes: git log --oneline -- drivers/net/phy/sfp.c | grep 'fix memory leak in sfp_probe'. For a distribution kernel, look for that subject in its changelog.

📡 Detection & Monitoring

Log Indicators:

  • A driver-core probe failure for the sfp driver in dmesg or the journal, logged as "sfp: probe of <device> failed with error -12" (-ENOMEM); this is the only path that leaks
  • Kernel oom-killer messages or memory exhaustion warnings coinciding with such a failure
  • kmemleak reports of unreferenced objects with sfp_probe in the allocation backtrace (only with CONFIG_DEBUG_KMEMLEAK)

Network Indicators:

  • None specific - this is a local memory issue

SIEM Query:

source="kernel" AND (("sfp" AND "probe of" AND "failed with error") OR "out of memory" OR "oom-killer")
