CVE-2022-49329: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

vduse: Fix NULL pointer dereference on sysfs access

The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs:

[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)
[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)
[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)
[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)
[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)
[ 132.872838][ T3644] seq_read_iter (fs/seq_file.c:230)
[ 132.873578][ T3644] ? __vmalloc_area_node (mm/vmalloc.c:3041)
[ 132.874532][ T3644] kernfs_fop_read_iter (fs/kernfs/file.c:238)
[ 132.875513][ T3644] __kernel_read (fs/read_write.c:440 (discriminator 1))
[ 132.876319][ T3644] kernel_read (fs/read_write.c:459)
[ 132.877129][ T3644] kernel_read_file (fs/kernel_read_file.c:94)
[ 132.877978][ T3644] kernel_read_file_from_fd (include/linux/file.h:45 fs/kernel_read_file.c:186)
[ 132.879019][ T3644] __do_sys_finit_module (kernel/module.c:4207)
[ 132.879930][ T3644] __ia32_sys_finit_module (kernel/module.c:4189)
[ 132.880930][ T3644] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 132.881847][ T3644] entry_INT80_compat (arch/x86/entry/entry_64_compat.S:419)

To fix it, don't create the unneeded attribute for control device anymore.
AI Analysis
Technical Summary
CVE-2022-49329 is a vulnerability in the Linux kernel's vduse driver, the component that handles virtual device user-space access. It is a NULL pointer dereference triggered when the 'msg_timeout' attribute of the control device is read via sysfs. The root cause is that the control device has no associated driver data (drvdata), yet the kernel code attempts to access this non-existent data, so the kernel dereferences a NULL pointer and crashes (BUG). The stack trace shows the fault occurring in the msg_timeout_show function within the vduse driver, reached through the sysfs and kernel file-read paths.

The fix removes the unnecessary sysfs attribute from the control device, which prevents access to the problematic attribute and eliminates the NULL pointer dereference.

Triggering the flaw requires no special privileges beyond the ability to read sysfs attributes related to the vduse control device. No known exploits are reported in the wild, but local users or processes with access to the sysfs interface could trigger it, potentially leading to denial of service via kernel crash. The affected versions are specific Linux kernel commits identified by their hashes, indicating this is a recent and targeted fix. No CVSS score has been assigned yet, and no evidence suggests remote exploitation or privilege escalation capabilities.
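The root cause and the fix described above, as an added user-space model (not kernel code and not part of the original advisory). The struct layouts, the 0xf8 padding and the policy names are constructed, on the assumption that the fault address in the trace is a NULL base plus the offset of the field being read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; types and layout are constructed, not the kernel's. */
struct vduse_dev_model {
    char other_state[0xf8];      /* padding so msg_timeout sits at offset 0xf8 */
    unsigned int msg_timeout;
};
struct device_model {
    void *driver_data;           /* what dev_get_drvdata() would return */
    int is_control;              /* 1 for the control device */
};
enum attr_policy { ATTR_ON_ALL_DEVICES, ATTR_SKIP_CONTROL };  /* before / after */
enum { MODEL_ENOENT = -2, MODEL_OOPS = -1000 };

static struct vduse_dev_model user_state = { .msg_timeout = 30 };
struct device_model control_dev = { NULL, 1 };          /* has no drvdata */
struct device_model user_dev = { &user_state, 0 };

/* Address an unguarded show() loads from: drvdata plus the field offset. */
uintptr_t show_load_address(const struct device_model *d)
{
    return (uintptr_t)d->driver_data + offsetof(struct vduse_dev_model, msg_timeout);
}

/* Models a sysfs read of msg_timeout under the given attribute policy. */
long read_msg_timeout(const struct device_model *d, enum attr_policy p)
{
    if (p == ATTR_SKIP_CONTROL && d->is_control)
        return MODEL_ENOENT;     /* fixed: no such file, show() never runs */
    if (d->driver_data == NULL)
        return MODEL_OOPS;       /* model only: the kernel faults here instead */
    return (long)((const struct vduse_dev_model *)d->driver_data)->msg_timeout;
}

int main(void)
{
    printf("before fix, control: %ld, load from 0x%lx\n",
           read_msg_timeout(&control_dev, ATTR_ON_ALL_DEVICES),
           (unsigned long)show_load_address(&control_dev));
    printf("after fix, control:  %ld\n", read_msg_timeout(&control_dev, ATTR_SKIP_CONTROL));
    printf("after fix, device:   %ld\n", read_msg_timeout(&user_dev, ATTR_SKIP_CONTROL));
    return 0;
}
```

The fix in the model is structural: the attribute is simply absent on the device that has no drvdata, so devices that do carry state keep reading their value unchanged.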
Potential Impact
For European organizations, the primary impact of CVE-2022-49329 is the risk of local denial of service (DoS) on Linux systems running vulnerable kernel versions with the vduse driver enabled. This could lead to system instability or crashes when the vulnerable sysfs attribute is accessed, potentially disrupting critical services or applications relying on these Linux systems. Organizations using Linux in server environments, especially those employing virtual device frameworks or containerized workloads that might interact with vduse, could experience unexpected downtime. Although this vulnerability does not directly expose confidentiality or integrity risks, availability is affected, which can have cascading effects on business operations, particularly in sectors like finance, healthcare, and critical infrastructure prevalent in Europe. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation by malicious insiders or automated local attacks. Additionally, Linux is widely used in European data centers, cloud providers, and embedded systems, so the scope of affected systems is significant. Failure to patch could lead to compliance issues under regulations like GDPR if service availability is compromised.
Mitigation Recommendations
European organizations should take the following specific steps to mitigate CVE-2022-49329:
1) Identify Linux systems running kernel versions that include the vulnerable vduse driver by checking kernel versions and commit hashes.
2) Apply the official Linux kernel patches or upgrade to a kernel version where this vulnerability is resolved, ensuring the removal of the problematic sysfs attribute.
3) Restrict access to sysfs interfaces, particularly the vduse control device attributes, to trusted users and processes only, minimizing the risk of accidental or malicious triggering of the vulnerability.
4) Monitor system logs for kernel BUG messages or crashes related to vduse or sysfs access to detect any attempts to exploit this issue.
5) In environments where kernel upgrades are delayed, consider disabling the vduse driver if it is not required, reducing the attack surface.
6) Incorporate this vulnerability into vulnerability management and patching workflows to ensure timely remediation.
7) For critical systems, perform controlled testing of kernel updates to avoid service disruption.
These targeted actions go beyond generic patching advice by focusing on access control and monitoring specific to the vulnerable component.
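One way to implement the log monitoring in step 4, as an added example that is not part of the original advisory: it scans kernel log lines for a NULL pointer dereference whose RIP line, from the same task, names msg_timeout_show in vduse_dev.c. The first sample is taken from the trace quoted above; the second sample, the struct and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* First lines of the oops quoted in this advisory. */
const char *VDUSE_OOPS[] = {
    "[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8",
    "[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)",
    "[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)",
};
/* Constructed oops in a made-up, unrelated function; it must not match. */
const char *OTHER_OOPS[] = {
    "[ 200.000001][ T77] BUG: kernel NULL pointer dereference, address: 0000000000000010",
    "[ 200.000002][ T77] RIP: 0010:example_show (drivers/example/example.c:10)",
};
struct finding { int matched; unsigned long fault_addr; char task[16]; };

/* Copy the task tag ("T3644") out of the "[ T3644]" column; 0 if absent. */
int task_tag(const char *line, char *out, size_t n) {
    const char *p = strstr(line, "[ T");
    const char *e = p ? strchr(p, ']') : NULL;
    if (!e || (size_t)(e - p) > n + 1) return 0;    /* tag plus NUL must fit */
    memcpy(out, p + 2, (size_t)(e - p) - 2);
    out[e - p - 2] = '\0';
    return 1;
}

struct finding scan_for_vduse_oops(const char **lines, size_t count) {
    static const char BUG[] = "BUG: kernel NULL pointer dereference, address: ";
    struct finding f = { 0, 0, "" };
    char bug_task[16] = "", tag[16];
    for (size_t i = 0; i < count; i++) {
        const char *hit = strstr(lines[i], BUG);
        if (hit && task_tag(lines[i], bug_task, sizeof bug_task)) {
            f.fault_addr = strtoul(hit + sizeof BUG - 1, NULL, 16);
        } else if (bug_task[0] && strstr(lines[i], "RIP:") &&
                   task_tag(lines[i], tag, sizeof tag) && !strcmp(tag, bug_task)) {
            /* The RIP line of the same task names the faulting function. */
            f.matched = strstr(lines[i], "msg_timeout_show") && strstr(lines[i], "vduse_dev.c");
            if (f.matched) { strcpy(f.task, tag); return f; }
            bug_task[0] = '\0';     /* a different oops; keep scanning */
        }
    }
    return (struct finding){ 0, 0, "" };
}

int main(void) {
    struct finding f = scan_for_vduse_oops(VDUSE_OOPS, 3);
    printf("matched=%d task=%s addr=0x%lx\n", f.matched, f.task, f.fault_addr);
    return 0;
}
```

Matching on the task tag keeps the BUG line and the RIP line paired when several tasks write to the kernel log at once.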
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.538Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe56c2
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 5:56:18 AM
Last updated: 1/7/2026, 4:15:40 AM