Login Sign Up

CVE-2022-49826

7.8 HIGH

📋 TL;DR

This CVE describes a double-free vulnerability in the Linux kernel's libata-transport subsystem. When the ata_tport_add() function fails, it incorrectly calls ata_host_put() twice, leading to a null pointer dereference when unbinding devices. This affects Linux systems using ATA/SATA storage controllers.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using ATA/SATA storage controllers. Requires specific error conditions during ata_tport_add() to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss if storage operations are interrupted.

🟠

Likely Case

System crash or kernel panic when specific error conditions occur during ATA device initialization, resulting in denial of service.

🟢

If Mitigated

System remains stable as the vulnerability only triggers under specific error conditions during device binding/unbinding operations.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or ability to trigger specific device initialization failures.
🏢 Internal Only: MEDIUM - Internal users or processes with ability to load/unload kernel modules or trigger device initialization could cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires triggering specific error conditions in kernel device initialization

Exploitation requires local access and ability to trigger the error path in ata_tport_add(). No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 30e12e2be27ac6c4be2af4163c70db381364706f, 377ff82c33c0cb74562a353361b64b33c09562cf, 865a6da40ba092c18292ae5f6194756131293745, 8c76310740807ade5ecdab5888f70ecb6d35732e, ac471468f7c16cda2525909946ca13ddbcd14000

Vendor Advisory: https://git.kernel.org/stable/c/30e12e2be27ac6c4be2af4163c70db381364706f

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable vulnerable module loading

linux

Prevent loading of ATA transport modules that could trigger the vulnerability

echo 'blacklist libata' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local access to prevent users from triggering device initialization failures
  • Monitor system logs for kernel panic events related to ATA device operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's security advisory. Vulnerable if using kernel before fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to one containing the fix commits. Check /proc/version or uname -r.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning 'ata_host_stop' or 'null-ptr-deref'
  • System crash logs with ATA-related stack traces
  • dmesg output showing 'Unable to handle kernel NULL pointer dereference' with libata in call trace

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("ata_host_stop" OR "null-ptr-deref" OR "libata" AND panic)

📊 Metadata

CVE ID: CVE-2022-49826
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-415
EPSS Score: 0.02% exploit probability (5.9th percentile)
Published: May 1, 2025
Last Updated: November 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49826, you might also want to check these:

CVE-2020-35885 9.8

This vulnerability in the alpm-rs Rust crate allows double-free memory corruption due to improper de...

Same vulnerability type (CWE-415)
CVE-2021-29940 9.8

This vulnerability in the Rust 'through' crate allows double-free memory corruption when the map fun...

Same vulnerability type (CWE-415)
CVE-2023-49937 9.8

This CVE describes a double-free vulnerability in SchedMD Slurm workload manager that allows attacke...

Same vulnerability type (CWE-415)