Login Sign Up

CVE-2022-49912

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's Btrfs filesystem qgroup self-tests. When certain error conditions occur during qgroup testing, the kernel fails to properly free allocated memory (ulists), leading to resource exhaustion over time. This affects Linux systems using Btrfs filesystem with qgroup functionality enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable Btrfs qgroup self-test code (check git commits for exact versions)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Btrfs filesystem with qgroup functionality is used and qgroup self-tests are executed. Most production systems don't run these tests.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic/crash.

🟠

Likely Case

Gradual memory leak during qgroup self-tests, potentially causing performance degradation or system instability if tests are run repeatedly.

🟢

If Mitigated

Minimal impact as this only affects qgroup self-tests which are typically not run in production environments.

🌐 Internet-Facing: LOW - Requires local access to trigger qgroup self-tests, not directly exploitable over network.
🏢 Internal Only: LOW - Requires privileged access to run qgroup self-tests, limited to specific testing scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires privileged access to trigger qgroup self-tests. Memory leak occurs only during specific error conditions in test functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from git commits: 0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84, 203204798831c35d855ecc6417d98267d2d2184b, 3f58283d83a588ff5da62fc150de19e798ed2ec2, 5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9, d37de92b38932d40e4a251e876cc388f9aee5f42

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable qgroup self-tests

linux

Prevent execution of vulnerable qgroup self-test functions

# Ensure qgroup self-tests are not executed in production

🧯 If You Can't Patch

  • Avoid running Btrfs qgroup self-tests in production environments
  • Monitor system memory usage and restart if memory exhaustion is detected

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from git commits. Vulnerable if running kernel with vulnerable Btrfs qgroup self-test code.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched versions. Check that ulist_free() calls are present in test_no_shared_qgroup() and test_multiple_refs() functions.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failures in kernel logs
  • System instability after qgroup operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic logs, memory allocation failures, or Btrfs qgroup test execution

📊 Metadata

CVE ID: CVE-2022-49912
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 1, 2025
Last Updated: November 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49912, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)