CVE-2022-49379: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that wasn't sufficient to account for devices being deferred until deferred_probe_timeout. Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits until the deferred_probe_timeout fires") tried to fix that by making sure wait_for_device_probe() waits for deferred_probe_timeout to expire before returning. However, if wait_for_device_probe() is called from the kernel_init() context: - Before deferred_probe_initcall() [2], it causes the boot process to hang due to a deadlock. - After deferred_probe_initcall() [3], it blocks kernel_init() from continuing till deferred_probe_timeout expires and beats the point of deferred_probe_timeout that's trying to wait for userspace to load modules. Neither of this is good. So revert the changes to wait_for_device_probe(). [1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/ [2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/ [3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/
AI Analysis
Technical Summary
CVE-2022-49379 is a vulnerability in the Linux kernel related to the handling of deferred device probing during system boot. The issue arises from the interaction between the wait_for_device_probe() function and the deferred_probe_timeout mechanism. Deferred probing is a kernel feature that delays the initialization of certain devices until required resources or conditions are met, often to allow userspace modules to load. The vulnerability manifests when mounting an NFS root filesystem times out due to ip_auto_config() waiting indefinitely for network interfaces to become available. This happens because wait_for_device_probe() does not properly wait for the deferred_probe_timeout to expire, causing a deadlock or prolonged blocking in the kernel_init() context. A prior fix attempted to ensure wait_for_device_probe() waits for the deferred_probe_timeout, but this introduced two critical issues: if called before deferred_probe_initcall(), it causes a boot hang due to deadlock; if called after, it blocks kernel_init() until the timeout expires, defeating the purpose of deferred probing. Consequently, the problematic changes were reverted, leaving the underlying timing and synchronization issues unresolved. This vulnerability can cause system boot failures or significant delays, particularly when using network-based root filesystems like NFS. Although no known exploits are reported, the flaw affects the core Linux kernel driver initialization process and can impact system availability during boot.
Potential Impact
For European organizations relying on Linux-based infrastructure, especially those using network booting or NFS root filesystems, this vulnerability can lead to system boot failures or extended downtime. Critical systems such as servers, embedded devices, or network appliances that depend on deferred probing for device initialization may experience hangs or delays, impacting availability and operational continuity. This is particularly relevant for industries with stringent uptime requirements like telecommunications, finance, healthcare, and manufacturing. The inability to boot or delayed boot processes can disrupt services, delay deployments, and increase operational costs. While confidentiality and integrity are not directly impacted, the availability degradation during boot can have cascading effects on business-critical applications and services. Since the vulnerability affects the Linux kernel itself, it has a broad potential impact across various distributions and hardware platforms used in Europe.
Mitigation Recommendations
Organizations should monitor Linux kernel updates and apply patches once a stable fix addressing this deferred probe timing issue is released. In the interim, system administrators can mitigate risk by avoiding configurations that rely on deferred probing with non-zero deferred_probe_timeout values, particularly for network root filesystems like NFS. Testing boot sequences in controlled environments before deployment can help identify if the issue affects specific hardware or kernel versions. Additionally, consider alternative boot methods that do not depend on deferred probing or adjust kernel parameters to minimize deferred_probe_timeout delays. Collaborating with Linux distribution maintainers to track backported fixes and applying vendor-specific patches promptly is critical. For embedded or specialized devices, firmware or kernel customization may be necessary to circumvent the problematic code paths. Maintaining robust backup and recovery procedures ensures rapid restoration if boot failures occur.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2022-49379: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that wasn't sufficient to account for devices being deferred until deferred_probe_timeout. Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits until the deferred_probe_timeout fires") tried to fix that by making sure wait_for_device_probe() waits for deferred_probe_timeout to expire before returning. However, if wait_for_device_probe() is called from the kernel_init() context: - Before deferred_probe_initcall() [2], it causes the boot process to hang due to a deadlock. - After deferred_probe_initcall() [3], it blocks kernel_init() from continuing till deferred_probe_timeout expires and beats the point of deferred_probe_timeout that's trying to wait for userspace to load modules. Neither of this is good. So revert the changes to wait_for_device_probe(). [1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/ [2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/ [3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/
AI-Powered Analysis
Technical Analysis
CVE-2022-49379 is a vulnerability in the Linux kernel related to the handling of deferred device probing during system boot. The issue arises from the interaction between the wait_for_device_probe() function and the deferred_probe_timeout mechanism. Deferred probing is a kernel feature that delays the initialization of certain devices until required resources or conditions are met, often to allow userspace modules to load. The vulnerability manifests when mounting an NFS root filesystem times out due to ip_auto_config() waiting indefinitely for network interfaces to become available. This happens because wait_for_device_probe() does not properly wait for the deferred_probe_timeout to expire, causing a deadlock or prolonged blocking in the kernel_init() context. A prior fix attempted to ensure wait_for_device_probe() waits for the deferred_probe_timeout, but this introduced two critical issues: if called before deferred_probe_initcall(), it causes a boot hang due to deadlock; if called after, it blocks kernel_init() until the timeout expires, defeating the purpose of deferred probing. Consequently, the problematic changes were reverted, leaving the underlying timing and synchronization issues unresolved. This vulnerability can cause system boot failures or significant delays, particularly when using network-based root filesystems like NFS. Although no known exploits are reported, the flaw affects the core Linux kernel driver initialization process and can impact system availability during boot.
Potential Impact
For European organizations relying on Linux-based infrastructure, especially those using network booting or NFS root filesystems, this vulnerability can lead to system boot failures or extended downtime. Critical systems such as servers, embedded devices, or network appliances that depend on deferred probing for device initialization may experience hangs or delays, impacting availability and operational continuity. This is particularly relevant for industries with stringent uptime requirements like telecommunications, finance, healthcare, and manufacturing. The inability to boot or delayed boot processes can disrupt services, delay deployments, and increase operational costs. While confidentiality and integrity are not directly impacted, the availability degradation during boot can have cascading effects on business-critical applications and services. Since the vulnerability affects the Linux kernel itself, it has a broad potential impact across various distributions and hardware platforms used in Europe.
Mitigation Recommendations
Organizations should monitor Linux kernel updates and apply patches once a stable fix addressing this deferred probe timing issue is released. In the interim, system administrators can mitigate risk by avoiding configurations that rely on deferred probing with non-zero deferred_probe_timeout values, particularly for network root filesystems like NFS. Testing boot sequences in controlled environments before deployment can help identify if the issue affects specific hardware or kernel versions. Additionally, consider alternative boot methods that do not depend on deferred probing or adjust kernel parameters to minimize deferred_probe_timeout delays. Collaborating with Linux distribution maintainers to track backported fixes and applying vendor-specific patches promptly is critical. For embedded or specialized devices, firmware or kernel customization may be necessary to circumvent the problematic code paths. Maintaining robust backup and recovery procedures ensures rapid restoration if boot failures occur.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T02:08:31.558Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982dc4522896dcbe5859
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 6:40:22 AM
Last updated: 7/31/2025, 3:23:24 AM
Views: 10
Related Threats
CVE-2025-8898: CWE-862 Missing Authorization in magepeopleteam E-cab Taxi Booking Manager for Woocommerce
CriticalCVE-2025-8896: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
MediumCVE-2025-8089: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in mdempfle Advanced iFrame
MediumCVE-2025-8113: CWE-79 Cross-Site Scripting (XSS) in Ebook Store
MediumCVE-2025-8293: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Theerawat Patthawee Intl DateTime Calendar
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.