4.7
MEDIUM
CVE-2022-49295
Linux Kernel NBD Netlink Family Unregister Race Condition
Description

In the Linux kernel, the following vulnerability has been resolved:

nbd: call genl_unregister_family() first in nbd_cleanup()

Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below:

  BUG: kernel NULL pointer dereference, address: 0000000000000098
  Oops: 0002 [#1] SMP PTI
  CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
  RIP: 0010:down_write+0x1a/0x50
  Call Trace:
   start_creating+0x89/0x130
   debugfs_create_dir+0x1b/0x130
   nbd_start_device+0x13d/0x390 [nbd]
   nbd_genl_connect+0x42f/0x748 [nbd]
   genl_family_rcv_msg_doit.isra.0+0xec/0x150
   genl_rcv_msg+0xe5/0x1e0
   netlink_rcv_skb+0x55/0x100
   genl_rcv+0x29/0x40
   netlink_unicast+0x1a8/0x250
   netlink_sendmsg+0x21b/0x430
   ____sys_sendmsg+0x2a4/0x2d0
   ___sys_sendmsg+0x81/0xc0
   __sys_sendmsg+0x62/0xb0
   __x64_sys_sendmsg+0x1f/0x30
   do_syscall_64+0x3b/0xc0
   entry_SYSCALL_64_after_hwframe+0x44/0xae
  Modules linked in: nbd(E-)

INFO

Published Date: Feb. 26, 2025, 7:01 a.m.
Last Modified: April 14, 2025, 8:08 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.0

Affected Products

The following products are affected by the CVE-2022-49295 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel


The following table lists the changes that have been made to the CVE-2022-49295 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Apr. 14, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-476
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.198
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.247
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.18 up to (excluding) 5.18.4
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.17.15
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.47
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.122
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.14.283
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db Types: Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 26, 2025

    Action Type Old Value New Value
    Added Description
      In the Linux kernel, the following vulnerability has been resolved:

      nbd: call genl_unregister_family() first in nbd_cleanup()

      Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below:

        BUG: kernel NULL pointer dereference, address: 0000000000000098
        Oops: 0002 [#1] SMP PTI
        CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
        RIP: 0010:down_write+0x1a/0x50
        Call Trace:
         start_creating+0x89/0x130
         debugfs_create_dir+0x1b/0x130
         nbd_start_device+0x13d/0x390 [nbd]
         nbd_genl_connect+0x42f/0x748 [nbd]
         genl_family_rcv_msg_doit.isra.0+0xec/0x150
         genl_rcv_msg+0xe5/0x1e0
         netlink_rcv_skb+0x55/0x100
         genl_rcv+0x29/0x40
         netlink_unicast+0x1a8/0x250
         netlink_sendmsg+0x21b/0x430
         ____sys_sendmsg+0x2a4/0x2d0
         ___sys_sendmsg+0x81/0xc0
         __sys_sendmsg+0x62/0xb0
         __x64_sys_sendmsg+0x1f/0x30
         do_syscall_64+0x3b/0xc0
         entry_SYSCALL_64_after_hwframe+0x44/0xae
        Modules linked in: nbd(E-)
    Added Reference https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c
    Added Reference https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e
    Added Reference https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e
    Added Reference https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79
    Added Reference https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f
    Added Reference https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25
    Added Reference https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca
    Added Reference https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db
© cvefeed.io
Latest DB Update: Apr. 24, 2025 14:41