CVE-2022-49999

7.8 HIGH

📋 TL;DR

A race condition in the Linux kernel's Btrfs filesystem allows double allocation of disk space, potentially corrupting the free space tree and causing filesystem inconsistencies. This affects Linux systems using Btrfs with space_cache=v2 or when regenerating caches. Attackers could exploit this to cause data corruption or denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with Btrfs support before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using Btrfs filesystem
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Btrfs filesystem with space_cache=v2 or when cache regeneration occurs. Systems using other filesystems or Btrfs with different configurations are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete filesystem corruption leading to data loss, system crashes, or denial of service requiring filesystem repair or restoration from backup.

🟠 Likely Case

Filesystem inconsistencies causing errors during file operations, potential data corruption in affected files, and system instability requiring manual intervention.

🟢 If Mitigated

Limited impact with proper monitoring and backups; filesystem may require repair but data remains recoverable.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could trigger the race condition to cause system instability or data corruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires precise timing to trigger the race condition and knowledge of Btrfs internals.

Exploitation requires local access and ability to perform filesystem operations. The race condition is complex to trigger intentionally.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel commits 92dc4c1a8e58bcc7a183a4c86b055c24cc88d967, a2e54eb64229f07f917b05d0c323604fda9b89f7, ced8ecf026fd8084cf175530ff85c76d6085d715 and backported to stable branches

Vendor Advisory: https://git.kernel.org/stable/c/92dc4c1a8e58bcc7a183a4c86b055c24cc88d967

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load new kernel.
4. Consider running btrfs check on affected filesystems.

🔧 Temporary Workarounds

Disable space_cache=v2

Use space_cache=v1 or nospace_cache mount options to avoid the vulnerable code path

mount -o remount,space_cache=v1 /mount/point
Add 'space_cache=v1' to /etc/fstab for persistent change

Avoid concurrent fsync operations

Limit simultaneous filesystem sync operations that could trigger the race condition

🧯 If You Can't Patch

  • Monitor system logs for Btrfs errors and space cache corruption messages
  • Implement regular filesystem checks and maintain verified backups

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and Btrfs configuration: run uname -r, then check /proc/mounts for Btrfs filesystems mounted with space_cache=v2.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and monitor for absence of 'unable to add free space :-17' errors in dmesg

📡 Detection & Monitoring

Log Indicators:

  • "unable to add free space :-17" errors in kernel logs
  • "missing free space info" messages
  • BUG_ON() in add_new_free_space() crashes

SIEM Query:

source="kernel" AND ("unable to add free space" OR "missing free space info" OR "add_new_free_space")
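
The mount check under "How to Verify" and the log indicators above, combined into one triage script. This is an added example, not part of the original advisory or the kernel project; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the checks described on this page.

# Print mount points of Btrfs filesystems mounted with space_cache=v2.
# $1: file in /proc/mounts format ("-" for stdin; default /proc/mounts).
btrfs_v2_mounts() {
    awk '$3 == "btrfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "space_cache=v2") { print $2; break }
    }' "${1:-/proc/mounts}"
}

# Count kernel log lines containing each indicator string from this page.
# $1: saved kernel log, e.g. from dmesg (default: stdin).
btrfs_fst_indicators() {
    awk '
        index($0, "unable to add free space") { a++ }
        index($0, "missing free space info")  { b++ }
        index($0, "add_new_free_space")       { c++ }
        END { printf "unable_to_add=%d missing_info=%d add_new_free_space=%d\n", a, b, c }
    ' "${1:--}"
}

# Constructed sample input (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / btrfs rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/sdb1 /data btrfs rw,relatime,space_cache,subvolid=5,subvol=/ 0 0
/dev/sdc1 /boot ext4 rw,relatime 0 0
EOF
}
sample_log() {
    cat <<'EOF'
BTRFS info (device sda2): using free space tree
BTRFS error (device sda2): unable to add free space :-17
kernel BUG (constructed line) in add_new_free_space
EOF
}

echo "space_cache=v2 mounts: $(sample_mounts | btrfs_v2_mounts -)"
echo "indicators: $(sample_log | btrfs_fst_indicators)"
```

On a live host, call btrfs_v2_mounts with no argument and pipe dmesg output into btrfs_fst_indicators; any non-zero count on a listed mount is a reason to schedule btrfs check.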
