CVE-2022-49441: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock in the scenario reported by syz-bot below: CPU0 CPU1 CPU2 ---- ---- ---- lock(console_owner); lock(&port_lock_key); lock(&port->lock); lock(&port_lock_key); lock(&port->lock); lock(console_owner); As commit dbdda842fe96 ("printk: Add console owner and waiter logic to load balance console writes") said, such deadlock can be prevented by using printk_deferred() in kmalloc() (which is invoked in the section guarded by the port->lock). But there are too many printk() on the kmalloc() path, and kmalloc() can be called from anywhere, so changing printk() to printk_deferred() is too complicated and inelegant. Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so that printk() will not be called, and this deadlock problem can be avoided. Syzbot reported the following lockdep error: ====================================================== WARNING: possible circular locking dependency detected 5.4.143-00237-g08ccc19a-dirty #10 Not tainted ------------------------------------------------------ syz-executor.4/29420 is trying to acquire lock: ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline] ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023 but task is already holding lock: ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&port->lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock); tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47 serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767 serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key); serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870 serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156 [...] -> #1 (&port_lock_key){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198 <-- lock(&port_lock_key); call_console_drivers kernel/printk/printk.c:1819 [inline] console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504 vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner); vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394 printk+0xba/0xed kernel/printk/printk.c:2084 register_console+0x8b3/0xc10 kernel/printk/printk.c:2829 univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681 console_init+0x49d/0x6d3 kernel/printk/printk.c:2915 start_kernel+0x5e9/0x879 init/main.c:713 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241 -> #0 (console_owner){....}-{0:0}: [...] lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734 console_trylock_spinning kernel/printk/printk.c:1773 ---truncated---
AI Analysis
Technical Summary
CVE-2022-49441 is a deadlock vulnerability in the Linux kernel's tty subsystem, specifically related to the interaction between printk() calls and locking mechanisms within the pty_write() function. The vulnerability arises because pty_write() invokes kmalloc(), which may trigger printk() to output failure messages. printk() itself acquires locks, including console_owner, which can lead to a circular locking dependency when combined with other locks such as port->lock and port_lock_key. This circular dependency can cause a deadlock scenario where multiple CPUs are waiting indefinitely for locks held by each other, effectively freezing the affected process or kernel thread. The root cause is that printk() is called while holding port->lock, and printk() attempts to acquire console_owner lock, which is already held or awaited in a conflicting order by other threads. The patch approach avoids changing printk() to printk_deferred() on the kmalloc() path due to complexity and instead suppresses printk() warnings during kmalloc() by specifying the __GFP_NOWARN flag. This prevents printk() from being called during kmalloc() failures, thereby avoiding the deadlock condition. The issue was discovered and reported by syzbot, a kernel fuzzing tool, which detected the circular locking dependency. This vulnerability affects multiple Linux kernel versions as identified by commit hashes and is relevant to systems using the affected kernel versions. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability can cause system instability or hangs in environments running affected Linux kernel versions, particularly those using pty devices extensively, such as terminal servers, embedded systems, or cloud infrastructure nodes. Deadlocks in kernel space can lead to denial of service conditions, impacting availability of critical services. Systems that rely on serial consoles or virtual terminals may be particularly vulnerable to this deadlock scenario. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting denial of service can disrupt business operations, especially in sectors with high availability requirements like finance, healthcare, and telecommunications. Additionally, recovery from kernel deadlocks often requires system reboots, which can cause operational downtime and potential data loss if not managed properly.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49441. Since the patch involves kernel code changes, applying vendor-provided kernel updates or mainline kernel patches is the most effective mitigation. For environments where immediate patching is not feasible, organizations should monitor system logs for symptoms of deadlocks related to tty or printk calls and consider limiting workloads that heavily use pty devices or serial consoles. Implementing kernel crash dump and monitoring solutions can help detect and analyze deadlock occurrences. Additionally, organizations should review kernel configuration options related to printk and locking to understand if any custom configurations might exacerbate the issue. Coordination with Linux distribution vendors for timely patch releases and testing in staging environments before production deployment is recommended to avoid regressions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2022-49441: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock in the scenario reported by syz-bot below: CPU0 CPU1 CPU2 ---- ---- ---- lock(console_owner); lock(&port_lock_key); lock(&port->lock); lock(&port_lock_key); lock(&port->lock); lock(console_owner); As commit dbdda842fe96 ("printk: Add console owner and waiter logic to load balance console writes") said, such deadlock can be prevented by using printk_deferred() in kmalloc() (which is invoked in the section guarded by the port->lock). But there are too many printk() on the kmalloc() path, and kmalloc() can be called from anywhere, so changing printk() to printk_deferred() is too complicated and inelegant. Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so that printk() will not be called, and this deadlock problem can be avoided. Syzbot reported the following lockdep error: ====================================================== WARNING: possible circular locking dependency detected 5.4.143-00237-g08ccc19a-dirty #10 Not tainted ------------------------------------------------------ syz-executor.4/29420 is trying to acquire lock: ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline] ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023 but task is already holding lock: ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&port->lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock); tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47 serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767 serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key); serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870 serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156 [...] -> #1 (&port_lock_key){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198 <-- lock(&port_lock_key); call_console_drivers kernel/printk/printk.c:1819 [inline] console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504 vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner); vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394 printk+0xba/0xed kernel/printk/printk.c:2084 register_console+0x8b3/0xc10 kernel/printk/printk.c:2829 univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681 console_init+0x49d/0x6d3 kernel/printk/printk.c:2915 start_kernel+0x5e9/0x879 init/main.c:713 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241 -> #0 (console_owner){....}-{0:0}: [...] lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734 console_trylock_spinning kernel/printk/printk.c:1773 ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2022-49441 is a deadlock vulnerability in the Linux kernel's tty subsystem, specifically related to the interaction between printk() calls and locking mechanisms within the pty_write() function. The vulnerability arises because pty_write() invokes kmalloc(), which may trigger printk() to output failure messages. printk() itself acquires locks, including console_owner, which can lead to a circular locking dependency when combined with other locks such as port->lock and port_lock_key. This circular dependency can cause a deadlock scenario where multiple CPUs are waiting indefinitely for locks held by each other, effectively freezing the affected process or kernel thread. The root cause is that printk() is called while holding port->lock, and printk() attempts to acquire console_owner lock, which is already held or awaited in a conflicting order by other threads. The patch approach avoids changing printk() to printk_deferred() on the kmalloc() path due to complexity and instead suppresses printk() warnings during kmalloc() by specifying the __GFP_NOWARN flag. This prevents printk() from being called during kmalloc() failures, thereby avoiding the deadlock condition. The issue was discovered and reported by syzbot, a kernel fuzzing tool, which detected the circular locking dependency. This vulnerability affects multiple Linux kernel versions as identified by commit hashes and is relevant to systems using the affected kernel versions. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability can cause system instability or hangs in environments running affected Linux kernel versions, particularly those using pty devices extensively, such as terminal servers, embedded systems, or cloud infrastructure nodes. Deadlocks in kernel space can lead to denial of service conditions, impacting availability of critical services. Systems that rely on serial consoles or virtual terminals may be particularly vulnerable to this deadlock scenario. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting denial of service can disrupt business operations, especially in sectors with high availability requirements like finance, healthcare, and telecommunications. Additionally, recovery from kernel deadlocks often requires system reboots, which can cause operational downtime and potential data loss if not managed properly.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49441. Since the patch involves kernel code changes, applying vendor-provided kernel updates or mainline kernel patches is the most effective mitigation. For environments where immediate patching is not feasible, organizations should monitor system logs for symptoms of deadlocks related to tty or printk calls and consider limiting workloads that heavily use pty devices or serial consoles. Implementing kernel crash dump and monitoring solutions can help detect and analyze deadlock occurrences. Additionally, organizations should review kernel configuration options related to printk and locking to understand if any custom configurations might exacerbate the issue. Coordination with Linux distribution vendors for timely patch releases and testing in staging environments before production deployment is recommended to avoid regressions.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T02:08:31.570Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9820c4522896dcbdd693
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/28/2025, 12:41:23 AM
Last updated: 8/10/2025, 12:17:08 PM
Views: 13
Related Threats
CVE-2025-9052: SQL Injection in projectworlds Travel Management System
MediumPlex warns users to patch security vulnerability immediately
HighCVE-2025-9019: Heap-based Buffer Overflow in tcpreplay
LowCVE-2025-9017: Cross Site Scripting in PHPGurukul Zoo Management System
MediumCVE-2025-9051: SQL Injection in projectworlds Travel Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.