CVE-2022-49751 – This is a race condition vulnerability in the L... (How to Fix)

Q: What is the severity of CVE-2022-49751?

CVE-2022-49751 has a CVSS score of 5.5 (MEDIUM). This is a race condition vulnerability in the Linux kernel's w1 subsystem (1-Wire bus master) that causes a kernel warning when removing the ds2482 driver. It affects systems using 1-Wire hardware with the w1 subsystem, potentially causing system instability or crashes during driver removal.

📋 TL;DR

This is a race condition vulnerability in the Linux kernel's w1 subsystem (1-Wire bus master) that causes a kernel warning when removing the ds2482 driver. It affects systems using 1-Wire hardware with the w1 subsystem, potentially causing system instability or crashes during driver removal.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with 1-Wire hardware support enabled and ds2482 driver loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or kernel panic during driver removal, leading to denial of service and potential data loss.

🟠

Likely Case

Kernel warning messages in system logs and potential system instability during driver removal operations.

🟢

If Mitigated

Minor performance impact with warning messages but no system crash.

🌐 Internet-Facing: LOW - Requires local access to trigger via driver operations.

🏢 Internal Only: MEDIUM - Could affect systems using 1-Wire hardware for monitoring/sensing applications.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to load/unload kernel modules or access 1-Wire device operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 190b5c3bbd5df685bb1063bda048831d72b8f1d4 and related commits

Vendor Advisory: https://git.kernel.org/stable/c/190b5c3bbd5df685bb1063bda048831d72b8f1d4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid ds2482 driver removal

linux

Prevent unloading of ds2482 driver to avoid triggering the race condition

echo 'blacklist ds2482' >> /etc/modprobe.d/blacklist.conf

Disable 1-Wire subsystem

linux

Remove w1 subsystem if not needed

modprobe -r w1_gpio w1_therm ds2482
echo 'install w1_gpio /bin/false' >> /etc/modprobe.d/disable.conf

🧯 If You Can't Patch

Monitor system logs for w1_bus_master1 process warnings and restart affected services
Implement strict access controls to prevent unauthorized users from loading/unloading kernel modules

🔍 How to Verify

Check if Vulnerable:

Check if ds2482 module is loaded: lsmod | grep ds2482 AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits or test by loading/unloading ds2482 module while monitoring dmesg

📡 Detection & Monitoring

Log Indicators:

WARNING messages in dmesg/kernel logs containing 'w1_process' or 'w1_bus_master1'
Kernel stack traces mentioning __might_sleep during w1 operations

Network Indicators:

None - local kernel issue

SIEM Query:

source="kernel" AND ("w1_process" OR "w1_bus_master1" OR "__might_sleep") AND WARNING

📊 Metadata

CVE ID: CVE-2022-49751

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.06% exploit probability (19.5th percentile)

Published: March 27, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON