CVE-2022-49787 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-49787?

CVE-2022-49787 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's MMC/SD host controller driver for PCI devices. When the amd_probe() function fails to properly release a PCI device reference via pci_dev_put(), it can cause kernel memory exhaustion over time. This affects Linux systems using the sdhci-pci driver with AMD hardware.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's MMC/SD host controller driver for PCI devices. When the amd_probe() function fails to properly release a PCI device reference via pci_dev_put(), it can cause kernel memory exhaustion over time. This affects Linux systems using the sdhci-pci driver with AMD hardware.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected kernel versions not specified in CVE; vulnerability present in unpatched versions containing the flawed sdhci-pci driver code.

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD hardware with SDHCI PCI controller; vulnerability triggered during device probe failure scenarios.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic/crash.

🟠

Likely Case

Gradual memory leak over extended periods leading to performance degradation and eventual system instability requiring reboot.

🟢

If Mitigated

Minimal impact with proper monitoring and timely patching; memory pressure but unlikely to cause immediate system failure.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger the vulnerable code path; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability, leading to system instability affecting other services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific error conditions in device initialization; not a straightforward memory corruption vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits referenced in CVE description

Vendor Advisory: https://git.kernel.org/stable/c/222cfa0118aa68687ace74aab8fdf77ce8fbd7e6

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes 2. Reboot system to load patched kernel 3. Verify kernel version after reboot

🔧 Temporary Workarounds

Disable affected hardware module

linux

Blacklist or disable the sdhci-pci driver if not required

echo 'blacklist sdhci-pci' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Monitor kernel memory usage and system stability metrics
Implement aggressive process monitoring and restart policies for systems showing memory pressure

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if sdhci-pci module is loaded: lsmod | grep sdhci_pci

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for sdhci-pci initialization without memory leak warnings

📡 Detection & Monitoring

Log Indicators:

Kernel OOM (Out of Memory) messages in dmesg
Increasing memory usage without corresponding process allocation
System instability or crash reports

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("Out of memory" OR "kernel panic" OR "sdhci_pci")

📊 Metadata

CVE ID: CVE-2022-49787

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (5.7th percentile)

Published: May 1, 2025

Last Updated: November 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49787, you might also want to check these: