Login Sign Up

CVE-2022-49874

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability is a memory leak in the Linux kernel's Hyper-V mouse driver that occurs when device registration fails. If exploited, it could lead to kernel memory exhaustion over time, potentially causing system instability or denial of service. Systems using Linux kernels with the vulnerable Hyper-V mouse driver are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable hyperv mouse driver code before fixes were applied
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Hyper-V virtualization and the mousevsc driver loaded; primarily impacts virtual machines running on Hyper-V hypervisors.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Repeated exploitation could exhaust kernel memory, leading to system crashes, denial of service, or kernel instability requiring reboot.

🟠

Likely Case

Memory leak causing gradual performance degradation or system instability over time, particularly in virtualized environments with frequent device changes.

🟢

If Mitigated

Minimal impact with proper monitoring and patching; memory leak would be contained and detected before causing system issues.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access or compromise to trigger.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through other vulnerabilities to degrade system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger the error condition in mousevsc_probe(); no known active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 249b743801c0, 5ad95d71344b, 5f3aba6566b8, 8597b59e3d22, or a6d2fb1874c5

Vendor Advisory: https://git.kernel.org/stable/c/249b743801c00542e9324f87b380032e957a43e8

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Hyper-V mouse driver

linux

Prevent loading of the vulnerable mousevsc driver module

echo 'blacklist hid_hyperv' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Monitor system memory usage and kernel logs for signs of memory leaks
  • Restrict local user access to prevent potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check if Hyper-V mouse driver is loaded: lsmod | grep hid_hyperv; check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and contains the fix commits; check that hid_destroy_device() is called in error path

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to hid_hyperv
  • Memory allocation failures in kernel logs
  • System instability after mouse device changes

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("hid_hyperv" OR "mousevsc" OR "out of memory")

📊 Metadata

CVE ID: CVE-2022-49874
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 1, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49874, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)