CVE-2022-49781

4.7 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's AMD performance monitoring unit (PMU) can cause a NULL pointer dereference leading to kernel panic. This affects Linux systems with AMD processors when perf events are enabled. The vulnerability allows local attackers to crash the system.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with AMD PMU support before fixes in stable releases (specific versions vary by distribution)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when perf subsystem is actively used on AMD processors. Requires CONFIG_PERF_EVENTS and CONFIG_CPU_SUP_AMD to be enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local denial of service through kernel panic, requiring system reboot and potentially causing data loss or service disruption.

🟠

Likely Case

System crash when specific perf monitoring operations are performed concurrently, particularly on systems with heavy performance monitoring usage.

🟢

If Mitigated

Minimal impact if systems don't use perf monitoring extensively or have the patch applied.

🌐 Internet-Facing: LOW - Requires local access to trigger
🏢 Internal Only: MEDIUM - Local users or processes could crash the system

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific race conditions in perf event handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits baa014b9543c8e5e94f5d15b66abfe60750b8284 and fd5e454b856ed86b090336e269695d9908609b71

Vendor Advisory: https://git.kernel.org/stable/c/baa014b9543c8e5e94f5d15b66abfe60750b8284

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable perf events

linux

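Restrict unprivileged use of perf events to reduce exposure to the race condition. Higher perf_event_paranoid values are more restrictive; a value of 0 relaxes access rather than restricting it. A value of 3 blocks unprivileged perf_event_open entirely, but only on kernels that carry the distribution patch for it (Debian, Ubuntu, Android); mainline kernels treat it the same as 2.

echo 3 > /proc/sys/kernel/perf_event_paranoid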
Disable perf events via kernel command line: perf_event=off

🧯 If You Can't Patch

  • Restrict perf event usage to trusted users only
  • Monitor for kernel panic events and investigate perf-related crashes

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether an AMD processor is present: uname -r && grep -i amd /proc/cpuinfo

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched: uname -r should show version after fixes were backported

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning NULL pointer dereference at address 0000000000000198
  • AMD PMU related crash logs
  • perf event handler crashes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel: BUG: kernel NULL pointer dereference, address: 0000000000000198' OR 'amd_pmu_enable_all' in system logs
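
The two log indicators above are most reliable when they appear in the same crash report. As an added example (not part of the advisory or of any kernel tooling), the shell function below flags an oops only when the NULL dereference at 0000000000000198 is followed, inside the same report, by a line naming amd_pmu_enable_all. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate the advisory's two log indicators.

# scan_kernel_log FILE
# Prints "MATCH <line>" for each oops whose header is the NULL dereference
# at address 0000000000000198 and whose report names amd_pmu_enable_all.
# Returns 0 if at least one oops matched, 1 otherwise.
scan_kernel_log() {
  awk '
    /BUG: kernel NULL pointer dereference, address: 0000000000000198/ {
      in_oops = 1; start = NR; next
    }
    # Another BUG header or the end-of-trace marker closes the open report.
    in_oops && (/BUG: / || /end trace/) { in_oops = 0 }
    in_oops && /amd_pmu_enable_all/ {
      print "MATCH " start; found = 1; in_oops = 0
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# write_sample_log FILE: constructed log lines, not taken from a real crash.
write_sample_log() {
  cat > "$1" <<'EOF'
[  100.000001] BUG: kernel NULL pointer dereference, address: 0000000000000198
[  100.000002] Call Trace:
[  100.000003]  amd_pmu_enable_all+0x0/0x0
[  100.000004] ---[ end trace 0000000000000000 ]---
[  200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  200.000002] Call Trace:
[  200.000003]  amd_pmu_enable_all+0x0/0x0
[  200.000004] ---[ end trace 0000000000000000 ]---
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000198
[  300.000002] Call Trace:
[  300.000003]  unrelated_driver_function+0x0/0x0
[  300.000004] ---[ end trace 0000000000000000 ]---
EOF
}

# Stand-alone use: pass a saved kernel log as the first argument.
if [ "$#" -gt 0 ]; then
  scan_kernel_log "$1"
fi
```

Run it against saved output of `journalctl -k` or `dmesg`; a non-zero exit status means no correlated report was found.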
