CVE-2022-49079: Vulnerability in Linux Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 01:54:40 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: zoned: traverse devices under chunk_mutex in btrfs_can_activate_zone

btrfs_can_activate_zone() can be called with the device_list_mutex already held, which will lead to a deadlock:

  insert_dev_extents() // Takes device_list_mutex
  `-> insert_dev_extent()
   `-> btrfs_insert_empty_item()
    `-> btrfs_insert_empty_items()
     `-> btrfs_search_slot()
      `-> btrfs_cow_block()
       `-> __btrfs_cow_block()
        `-> btrfs_alloc_tree_block()
         `-> btrfs_reserve_extent()
          `-> find_free_extent()
           `-> find_free_extent_update_loop()
            `-> can_allocate_chunk()
             `-> btrfs_can_activate_zone() // Takes device_list_mutex again

Instead of using the RCU on fs_devices->device_list we can use fs_devices->alloc_list, protected by the chunk_mutex to traverse the list of active devices.

We are in the chunk allocation thread. The newer chunk allocation happens from the devices in the fs_device->alloc_list protected by the chunk_mutex.

  btrfs_create_chunk()
    lockdep_assert_held(&info->chunk_mutex);
    gather_device_info
      list_for_each_entry(device, &fs_devices->alloc_list, dev_alloc_list)

Also, a device that reappears after the mount won't join the alloc_list yet and, it will be in the dev_list, which we don't want to consider in the context of the chunk alloc.

  [15.166572] WARNING: possible recursive locking detected
  [15.167117] 5.17.0-rc6-dennis #79 Not tainted
  [15.167487] --------------------------------------------
  [15.167733] kworker/u8:3/146 is trying to acquire lock:
  [15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: find_free_extent+0x15a/0x14f0 [btrfs]
  [15.167733]
  [15.167733] but task is already holding lock:
  [15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_create_pending_block_groups+0x20a/0x560 [btrfs]
  [15.167733]
  [15.167733] other info that might help us debug this:
  [15.167733] Possible unsafe locking scenario:
  [15.167733]
  [15.171834] CPU0
  [15.171834] ----
  [15.171834] lock(&fs_devs->device_list_mutex);
  [15.171834] lock(&fs_devs->device_list_mutex);
  [15.171834]
  [15.171834] *** DEADLOCK ***
  [15.171834]
  [15.171834] May be due to missing lock nesting notation
  [15.171834]
  [15.171834] 5 locks held by kworker/u8:3/146:
  [15.171834] #0: ffff888100050938 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1c3/0x5a0
  [15.171834] #1: ffffc9000067be80 ((work_completion)(&fs_info->async_data_reclaim_work)){+.+.}-{0:0}, at: process_one_work+0x1c3/0x5a0
  [15.176244] #2: ffff88810521e620 (sb_internal){.+.+}-{0:0}, at: flush_space+0x335/0x600 [btrfs]
  [15.176244] #3: ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_create_pending_block_groups+0x20a/0x560 [btrfs]
  [15.176244] #4: ffff8881152e4b78 (btrfs-dev-00){++++}-{3:3}, at: __btrfs_tree_lock+0x27/0x130 [btrfs]
  [15.179641]
  [15.179641] stack backtrace:
  [15.179641] CPU: 1 PID: 146 Comm: kworker/u8:3 Not tainted 5.17.0-rc6-dennis #79
  [15.179641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1.fc35 04/01/2014
  [15.179641] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
  [15.179641] Call Trace:
  [15.179641] <TASK>
  [15.179641] dump_stack_lvl+0x45/0x59
  [15.179641] __lock_acquire.cold+0x217/0x2b2
  [15.179641] lock_acquire+0xbf/0x2b0
  [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]
  [15.183838] __mutex_lock+0x8e/0x970
  [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]
  [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]
  [15.183838] ? lock_is_held_type+0xd7/0x130
  [15.183838] ? find_free_extent+0x15a/0x14f0 [btrfs]
  [15.183838] find_free_extent+0x15a/0x14f0 [btrfs]
  [15.183838] ? _raw_spin_unlock+0x24/0x40
  [15.183838] ? btrfs_get_alloc_profile+0x106/0x230 [btrfs]
  [15.187601] btrfs_reserve_extent+0x131/0x260 [btrfs]
  [15. ---truncated---

AI-Powered Analysis

Last updated: 07/01/2025, 01:57:38 UTC

Technical Analysis

CVE-2022-49079 is a vulnerability in the Linux kernel's Btrfs filesystem implementation, specifically related to the zoned block device support. The issue arises from improper locking mechanisms in the function btrfs_can_activate_zone(), which can be called while already holding the device_list_mutex lock. This leads to a recursive locking scenario and ultimately a deadlock. The deadlock occurs because the function attempts to acquire the device_list_mutex twice in the same thread context, violating lock acquisition rules and causing the kernel to hang or stall. The vulnerability is rooted in the traversal of device lists under chunk_mutex and device_list_mutex locks. The fix involves changing the traversal from the device_list (protected by device_list_mutex) to the alloc_list (protected by chunk_mutex), which avoids the recursive locking scenario. The vulnerability manifests in the chunk allocation thread during operations such as btrfs_create_chunk(), where the device list traversal is critical. The deadlock can cause system hangs or kernel panics, impacting system availability. The vulnerability does not require user interaction or authentication but affects systems running the affected Linux kernel versions with Btrfs filesystem and zoned block device support enabled. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on 2025-02-26, and the affected versions correspond to specific Linux kernel commits. The technical details indicate that the problem is a classic kernel deadlock due to improper lock nesting and recursive locking, which can severely impact system stability and availability.

Potential Impact

For European organizations, the impact of CVE-2022-49079 can be significant, especially for those relying on Linux servers with Btrfs filesystems and zoned block devices (such as SMR drives). The deadlock can cause kernel hangs, leading to system unavailability and potential downtime for critical services. This is particularly relevant for data centers, cloud providers, and enterprises using Linux-based infrastructure for storage solutions. The inability to allocate chunks properly in Btrfs can disrupt file system operations, affecting data writes and reads, which may result in degraded performance or service interruptions. Although the vulnerability does not directly lead to data corruption or unauthorized access, the denial of service caused by deadlocks can impact business continuity and operational efficiency. Organizations with automated systems that rely on Btrfs for storage may experience unexpected outages, requiring manual intervention to recover. The lack of known exploits reduces immediate risk, but the vulnerability's presence in the kernel means that any targeted attack or accidental triggering could cause widespread disruption. European organizations with compliance requirements for uptime and availability should prioritize addressing this issue to avoid potential service level agreement (SLA) breaches.

Mitigation Recommendations

To mitigate CVE-2022-49079, European organizations should:

1) Apply the latest Linux kernel patches that address this deadlock vulnerability as soon as they become available. Monitor kernel mailing lists and vendor advisories for updates related to Btrfs and zoned block device support.
2) If patching is not immediately possible, consider disabling zoned block device support in Btrfs or avoid using Btrfs on zoned devices until the fix is applied.
3) Implement monitoring for kernel warnings related to recursive locking or deadlocks, enabling early detection of potential issues.
4) For critical systems, schedule maintenance windows to update kernels and reboot systems to ensure the patched kernel is in use.
5) Review system configurations to minimize the use of Btrfs zoned features if not essential, or consider alternative filesystems for workloads sensitive to availability.
6) Engage with Linux distribution vendors to confirm the availability of patched kernel versions and coordinate timely deployment.
7) Conduct thorough testing in staging environments before deploying patches in production to ensure compatibility and stability.
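
The monitoring step in recommendation 3 can be automated by scanning kernel logs for lockdep reports like the one quoted in the description. The Python below is an added example, not part of the original advisory or the kernel project; `find_recursive_locking` and its result fields are hypothetical names, the sample log is excerpted from the report in the description, and dmesg-style timestamps are assumed.

```python
import re

# Excerpt of the lockdep report quoted in the CVE description (dmesg format).
SAMPLE_LOG = """\
[15.166572] WARNING: possible recursive locking detected
[15.167117] 5.17.0-rc6-dennis #79 Not tainted
[15.167487] --------------------------------------------
[15.167733] kworker/u8:3/146 is trying to acquire lock:
[15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: find_free_extent+0x15a/0x14f0 [btrfs]
[15.167733]
[15.167733] but task is already holding lock:
[15.167733] ffff888102962ee0 (&fs_devs->device_list_mutex){+.+.}-{3:3}, at: btrfs_create_pending_block_groups+0x20a/0x560 [btrfs]
"""

TS = r"(?:\[\s*[\d.]+\]\s*)*"  # zero or more dmesg timestamps
# "<addr> (<lock class>){usage}-{type}, at: <function>+0x.../0x..."
LOCK = (r"(?P<{p}addr>[0-9a-f]{{8,16}}) \((?P<{p}cls>.+?)\)\{{\S*, "
        r"at: (?P<{p}fn>[\w.]+)\+0x")
REPORT = re.compile(
    r"WARNING: possible recursive locking detected.*?"
    r"(?P<task>\S+)/(?P<pid>\d+) is trying to acquire lock:\s*"
    + TS + LOCK.format(p="acq_")
    + r".*?but task is already holding lock:\s*"
    + TS + LOCK.format(p="held_"),
    re.DOTALL,  # reports span several lines (or one line if flattened)
)


def find_recursive_locking(log_text):
    """Return one finding per lockdep 'possible recursive locking' report."""
    findings = []
    for m in REPORT.finditer(log_text):
        d = m.groupdict()
        findings.append({
            "task": d["task"],
            "pid": int(d["pid"]),
            "lock_class": d["acq_cls"],
            "acquire_at": d["acq_fn"],
            "held_at": d["held_fn"],
            # Same address on both sides: the task re-takes the very lock it
            # holds (self-deadlock), not just another lock of the same class.
            "same_instance": d["acq_addr"] == d["held_addr"],
        })
    return findings


if __name__ == "__main__":
    for finding in find_recursive_locking(SAMPLE_LOG):
        print(finding)
```

Lockdep reports are only emitted by kernels built with lock debugging (`CONFIG_PROVE_LOCKING`), which production distribution kernels usually leave off; on those systems the same deadlock shows up as hung-task warnings instead.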

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.247Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982fc4522896dcbe6acc

Added to database: 5/21/2025, 9:09:03 AM

Last enriched: 7/1/2025, 1:57:38 AM

Last updated: 8/9/2025, 1:46:25 AM
