CVE-2022-49407: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

dlm: fix plock invalid read

This patch fixes an invalid read shown by KASAN. An unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix this issue the "callback" field is moved to "struct plock_op" to indicate that a cast to "plock_xop" is allowed and does the additional "plock_xop" handling if set.

Example of the KASAN output which showed the invalid read:

[ 2064.296453] ==================================================================
[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]
[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484
[ 2064.308168]
[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9
[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2064.311618] Call Trace:
[ 2064.312218] dump_stack_lvl+0x56/0x7b
[ 2064.313150] print_address_description.constprop.8+0x21/0x150
[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.316595] kasan_report.cold.14+0x7f/0x11b
[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]
[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]
[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10
[ 2064.321926] vfs_write+0x17e/0x930
[ 2064.322769] ? __fget_light+0x1aa/0x220
[ 2064.323753] ksys_write+0xf1/0x1c0
[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0
[ 2064.325464] do_syscall_64+0x3a/0x80
[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.327606] RIP: 0033:0x7f807e4ba96f
[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48
[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f
[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010
[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001
[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80
[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001
[ 2064.342857]
[ 2064.343226] Allocated by task 12438:
[ 2064.344057] kasan_save_stack+0x1c/0x40
[ 2064.345079] __kasan_kmalloc+0x84/0xa0
[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220
[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]
[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0
[ 2064.351070] fcntl_setlk+0x281/0xbc0
[ 2064.352879] do_fcntl+0x5e4/0xfe0
[ 2064.354657] __x64_sys_fcntl+0x11f/0x170
[ 2064.356550] do_syscall_64+0x3a/0x80
[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.360745]
[ 2064.361511] Last potentially related work creation:
[ 2064.363957] kasan_save_stack+0x1c/0x40
[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.368100] call_rcu+0x11b/0xf70
[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]
[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.377290] process_one_work+0x9a8/0x16e0
[ 2064.379357] worker_thread+0x87/0xbf0
[ 2064.381188] kthread+0x3ac/0x490
[ 2064.383460] ret_from_fork+0x22/0x30
[ 2064.385588]
[ 2064.386518] Second to last potentially related work creation:
[ 2064.389219] kasan_save_stack+0x1c/0x40
[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.393303] call_rcu+0x11b/0xf70
[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.397694] receive_from_sock+0x290/0x770
---truncated---
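The following is an added illustration, not the kernel's code and not part of the advisory: a reduced C model of the plock_op / plock_xop layering the commit text describes. Only the struct names and the "callback" field come from the advisory; the info payload, the priv pointer, the SLAB_OOB sentinel and the functions vuln_dev_write() / fixed_dev_write() are assumptions made for the example. The vulnerable consumer casts every op to the extended struct, and instead of performing the out-of-bounds dereference it compares the field's extent against the allocation size (which is what KASAN's slab redzone check reports); the fixed consumer relies on the callback field in the base struct as the tag that licenses the cast, as the patch does.

```c
/* Illustrative model of the bug and fix behind CVE-2022-49407.
 * Not the kernel's code: field sets beyond "callback" are invented
 * for the example, and the OOB read is modelled, not performed. */
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

struct plock_info { int optype; unsigned long long start, end; int wait; };
typedef int (*plock_cb_t)(void *priv, int rv);

/* Vulnerable layout: the base op allocated for every request (e.g. unlock). */
struct plock_op {
    struct plock_info info;
    struct plock_op *next;      /* stands in for the send_list/recv_list link */
};

/* Vulnerable layout: the extended op; "callback" exists only here. */
struct plock_xop_vuln {
    struct plock_op xop_op;     /* first member, so a plock_op* can be cast */
    plock_cb_t callback;
    void *priv;
};

#define SLAB_OOB (-1)           /* assumed sentinel: "KASAN would have fired" */

/* Pre-fix dev_write() model: nothing in plock_op says whether the xop tail
 * exists, so the cast happens unconditionally. The bounds comparison below
 * replaces the actual dereference that KASAN flagged as slab-out-of-bounds. */
static int vuln_dev_write(struct plock_op *op, size_t alloc_size, int rv)
{
    size_t need = offsetof(struct plock_xop_vuln, callback) + sizeof(plock_cb_t);
    if (need > alloc_size)
        return SLAB_OOB;        /* read of xop->callback lies past the allocation */
    struct plock_xop_vuln *xop = (struct plock_xop_vuln *)op;
    return xop->callback ? xop->callback(xop->priv, rv) : 0;
}

/* Fixed layout: "callback" moved into the base op. NULL means "plain op,
 * never cast to xop"; non-NULL means the op was allocated as a plock_xop. */
struct plock_op_fixed {
    struct plock_info info;
    struct plock_op_fixed *next;
    plock_cb_t callback;
};
struct plock_xop_fixed {
    struct plock_op_fixed xop_op;
    void *priv;
};

/* Post-fix dev_write() model: the cast is guarded by the tag in the base op. */
static int fixed_dev_write(struct plock_op_fixed *op, int rv)
{
    if (!op->callback)
        return 0;               /* plain unlock op: no fields beyond the base struct */
    struct plock_xop_fixed *xop = (struct plock_xop_fixed *)op;
    return op->callback(xop->priv, rv);
}

/* Test callback: counts invocations and echoes rv. */
static int count_cb(void *priv, int rv) { int *n = priv; (*n)++; return rv; }

/* Unlock path, vulnerable layout: only a base op is allocated. */
int demo_vuln_unlock(void)
{
    struct plock_op *op = calloc(1, sizeof(*op));
    int r = vuln_dev_write(op, sizeof(*op), 0);
    free(op);
    return r;                   /* SLAB_OOB */
}

/* Extended op, vulnerable layout: in bounds, callback runs; returns 1 on success. */
int demo_vuln_xop(void)
{
    int n = 0;
    struct plock_xop_vuln *xop = calloc(1, sizeof(*xop));
    xop->callback = count_cb; xop->priv = &n;
    int r = vuln_dev_write(&xop->xop_op, sizeof(*xop), 7);
    free(xop);
    return r == 7 && n == 1;
}

/* Unlock path, fixed layout: base op only, callback NULL, no cast. */
int demo_fixed_unlock(void)
{
    struct plock_op_fixed *op = calloc(1, sizeof(*op));
    int r = fixed_dev_write(op, 0);
    free(op);
    return r;                   /* 0 */
}

/* Extended op, fixed layout: callback set licenses the cast; returns 1 on success. */
int demo_fixed_xop(void)
{
    int n = 0;
    struct plock_xop_fixed *xop = calloc(1, sizeof(*xop));
    xop->xop_op.callback = count_cb; xop->priv = &n;
    int r = fixed_dev_write(&xop->xop_op, 7);
    free(xop);
    return r == 7 && n == 1;
}

int main(void)
{
    printf("vuln unlock: %d (SLAB_OOB=%d)\n", demo_vuln_unlock(), SLAB_OOB);
    printf("vuln xop ok: %d\nfixed unlock: %d\nfixed xop ok: %d\n",
           demo_vuln_xop(), demo_fixed_unlock(), demo_fixed_xop());
    return 0;
}
```

The point to take from the model is the general rule for "base struct plus extension" designs in C: a downcast is only sound when the base object itself carries a discriminator set at allocation time, which is exactly what moving "callback" into "struct plock_op" provides.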
AI Analysis
Technical Summary
CVE-2022-49407 is a vulnerability identified in the Linux kernel's Distributed Lock Manager (DLM) subsystem, specifically related to an invalid memory read in the plock (posix lock) operations. The issue arises due to improper handling of a data structure cast between "struct plock_op" and "struct plock_xop" during lock unlock and communication operations. When an unlock operation allocates a "plock_op" structure and appends it to a global send_list, subsequent operations such as dev_read() and dev_write() may move this structure to a recv_list and then cast it incorrectly to "plock_xop". This cast leads to accessing fields that exist only in "plock_xop", causing an invalid read and potential out-of-bounds memory access, as detected by Kernel Address Sanitizer (KASAN). The patch fixes this by moving the "callback" field into "plock_op" to safely indicate when a cast to "plock_xop" is valid and to perform additional handling accordingly. The vulnerability could lead to kernel crashes or undefined behavior due to memory corruption. The detailed KASAN output shows the invalid read occurring in dev_write(), triggered by the dlm_controld process, which is part of the DLM daemon responsible for distributed locking in clustered environments. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the vulnerable DLM code prior to the patch. This flaw is particularly relevant in environments using clustered file systems or distributed lock management on Linux, such as in high-availability clusters or distributed storage systems.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to infrastructures relying on Linux-based clustered environments, distributed file systems, or high-availability clusters that use the DLM subsystem. Exploitation could cause kernel crashes leading to denial of service (DoS), potentially disrupting critical services and applications. In sensitive environments such as financial institutions, healthcare providers, or industrial control systems, such disruptions could have significant operational and economic consequences. Although no remote code execution or privilege escalation is directly indicated, the invalid memory read could be leveraged in complex attack chains or combined with other vulnerabilities to escalate impact. The risk is heightened in data centers and cloud providers across Europe that use Linux clusters for scalability and redundancy. Additionally, organizations running virtualized environments on Linux hosts (e.g., KVM-based virtualization) might face instability if the kernel is compromised. The absence of known exploits reduces the immediate threat but does not eliminate the risk of future exploitation once the vulnerability details are widely known.
Mitigation Recommendations
European organizations should prioritize applying the official Linux kernel patches that address CVE-2022-49407 as soon as they become available from their Linux distribution vendors. Given the complexity of the DLM subsystem, it is critical to test patches in staging environments before production deployment to avoid unintended disruptions. Organizations should audit their infrastructure to identify systems running Linux kernels with the vulnerable DLM code, especially those involved in clustered or distributed lock management. Where patching is delayed, consider isolating or limiting access to affected systems to trusted users and networks to reduce exposure. Monitoring kernel logs for KASAN or other memory error reports can help detect attempts to trigger this vulnerability. Additionally, implementing kernel hardening features such as Kernel Page Table Isolation (KPTI), Kernel Address Space Layout Randomization (KASLR), and enabling SELinux or AppArmor policies can reduce the attack surface. For critical clusters, consider redundancy and failover strategies to mitigate potential denial of service caused by kernel instability. Finally, maintain up-to-date backups and incident response plans tailored for kernel-level failures.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.566Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe590f
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 6:56:29 AM
Last updated: 8/17/2025, 8:15:51 PM