CVE-2022-49759: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

VMCI: Use threaded irqs instead of tasklets

The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event() resulting in invalid sleep in an atomic context (and therefore potentially in a deadlock).

Use threaded irqs to fix this issue and completely remove usage of tasklets.

[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264645] preempt_count: 101, expected: 0
[ 20.264646] RCU nest depth: 0, expected: 0
[ 20.264647] 1 lock held by vmtoolsd/762:
[ 20.264648] #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]
[ 20.264658] Preemption disabled at:
[ 20.264659] [<ffff80000151d7d8>] vmci_send_datagram+0x44/0xa0 [vmw_vmci]
[ 20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1
[ 20.264667] Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020
[ 20.264668] Call trace:
[ 20.264669] dump_backtrace+0xc4/0x130
[ 20.264672] show_stack+0x24/0x80
[ 20.264673] dump_stack_lvl+0x88/0xb4
[ 20.264676] dump_stack+0x18/0x34
[ 20.264677] __might_resched+0x1a0/0x280
[ 20.264679] __might_sleep+0x58/0x90
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264686] tasklet_action_common.constprop.0+0x13c/0x150
[ 20.264688] tasklet_action+0x40/0x50
[ 20.264689] __do_softirq+0x23c/0x6b4
[ 20.264690] __irq_exit_rcu+0x104/0x214
[ 20.264691] irq_exit_rcu+0x1c/0x50
[ 20.264693] el1_interrupt+0x38/0x6c
[ 20.264695] el1h_64_irq_handler+0x18/0x24
[ 20.264696] el1h_64_irq+0x68/0x6c
[ 20.264697] preempt_count_sub+0xa4/0xe0
[ 20.264698] _raw_spin_unlock_irqrestore+0x64/0xb0
[ 20.264701] vmci_send_datagram+0x7c/0xa0 [vmw_vmci]
[ 20.264703] vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]
[ 20.264706] vmci_datagram_send+0x2c/0x40 [vmw_vmci]
[ 20.264709] vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]
[ 20.264711] vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]
[ 20.264713] vsock_connect+0x278/0x330 [vsock]
[ 20.264715] __sys_connect_file+0x8c/0xc0
[ 20.264718] __sys_connect+0x84/0xb4
[ 20.264720] __arm64_sys_connect+0x2c/0x3c
[ 20.264721] invoke_syscall+0x78/0x100
[ 20.264723] el0_svc_common.constprop.0+0x68/0x124
[ 20.264724] do_el0_svc+0x38/0x4c
[ 20.264725] el0_svc+0x60/0x180
[ 20.264726] el0t_64_sync_handler+0x11c/0x150
[ 20.264728] el0t_64_sync+0x190/0x194
AI Analysis
Technical Summary
CVE-2022-49759 is a vulnerability in the Linux kernel specifically affecting the VMware VMCI (Virtual Machine Communication Interface) driver component. The issue arises from the use of tasklets in the vmci_dispatch_dgs() function, which calls vmci_read_data(). This function uses wait_event(), a sleeping function, in an atomic context where sleeping is not allowed. Tasklets run in atomic context and must not invoke any functions that can sleep, as this leads to invalid sleep conditions and potential deadlocks. The kernel log shows the vmtoolsd process hitting a BUG for sleeping in atomic context: in the call trace, vmci_read_data() is reached from vmci_dispatch_dgs() through tasklet_action() in softirq context, on an interrupt taken while vmtoolsd was inside vmci_send_datagram() during a vsock connect. The fix replaces tasklets with threaded interrupts (threaded IRQs), whose handlers are allowed to sleep, and removes the usage of tasklets entirely, which prevents the deadlock scenario. This vulnerability can cause system instability or kernel panics when the VMCI driver is used, particularly in VMware virtualized environments running affected Linux kernel versions. There is no evidence of exploitation in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the vulnerable commit hashes referenced, and is relevant for systems running VMware tools or VMCI-enabled virtual machines.
Potential Impact
For European organizations, the primary impact of CVE-2022-49759 is on the stability and availability of Linux systems running inside VMware virtualized environments that use the VMCI driver. This includes enterprise servers, cloud infrastructure, and development environments that rely on VMware virtualization with Linux guests. A deadlock or kernel panic caused by this vulnerability could lead to unexpected downtime, disruption of critical services, and potential data loss if systems crash during operations. Organizations with large VMware deployments or those using VMCI features for inter-VM communication are at higher risk. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant, especially for production workloads. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential future exploitation if attackers find ways to trigger the deadlock deliberately.
Mitigation Recommendations
To mitigate CVE-2022-49759, European organizations should:
1) Identify Linux systems running on VMware hypervisors that utilize the VMCI driver and VMware tools.
2) Apply the latest Linux kernel updates that include the fix replacing tasklets with threaded IRQs in the VMCI driver. This patch removes the invalid sleep condition and prevents deadlocks.
3) If immediate patching is not possible, consider disabling the VMCI driver or VMware tools features that rely on VMCI datagram communication as a temporary workaround, understanding this may reduce functionality.
4) Monitor system logs for kernel BUG messages related to vmci_guest.c or vmtoolsd crashes to detect potential triggering of this vulnerability.
5) Test patches in staging environments to ensure stability before production deployment.
6) Maintain updated VMware tools and hypervisor versions to ensure compatibility with patched Linux kernels.
These steps go beyond generic advice by focusing on the specific driver and virtualization context involved.
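The log monitoring in step 4, as an added example that is not part of the original advisory: a Python scan of kernel log lines for the sleep-in-atomic BUG raised from the VMCI driver, which also checks whether the call trace shows vmci_read_data() reached from the datagram tasklet. The function name and the sample input (abridged from the trace in the description) are constructed for illustration.

```python
import re

# Kernel "might_sleep" splat header; the source path pins it to the VMCI driver.
HEADER = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+BUG: sleeping function called from invalid context "
    r"at (?P<src>drivers/misc/vmw_vmci/\S+?):(?P<line>\d+)"
)
CONTEXT = re.compile(r"in_atomic\(\): (?P<atomic>\d+).*?pid: (?P<pid>\d+), name: (?P<comm>\S+)")
FRAME = re.compile(r"\]\s+(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Frames that together show vmci_read_data() running from the datagram tasklet.
TASKLET_PATH = ("vmci_read_data", "vmci_dispatch_dgs", "tasklet_action")


def find_vmci_atomic_sleep(lines):
    """Return one finding per VMCI sleep-in-atomic splat found in kernel log lines."""
    findings, current = [], None
    for line in lines:
        m = HEADER.search(line)
        if m:  # a new splat starts here; later lines are attributed to it
            current = {"ts": float(m["ts"]), "source": f"{m['src']}:{m['line']}",
                       "pid": None, "comm": None, "in_atomic": None, "frames": []}
            findings.append(current)
            continue
        if current is None:
            continue
        if (c := CONTEXT.search(line)):
            current.update(pid=int(c["pid"]), comm=c["comm"], in_atomic=c["atomic"] == "1")
        elif (f := FRAME.search(line)):
            current["frames"].append(f["sym"])
    for finding in findings:
        # Confirmed only when every frame of the tasklet path is in the trace.
        finding["tasklet_path"] = all(s in finding["frames"] for s in TASKLET_PATH)
    return findings

# Constructed sample: abridged lines from the trace quoted in the description,
# plus one unrelated line that must not match.
SAMPLE = """\
[ 19.900000] vsock: unrelated informational message
[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264679] __might_sleep+0x58/0x90
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264688] tasklet_action+0x40/0x50
[ 20.264689] __do_softirq+0x23c/0x6b4
""".splitlines()

if __name__ == "__main__":
    for hit in find_vmci_atomic_sleep(SAMPLE):
        print(hit["ts"], hit["comm"], hit["source"], "tasklet path:", hit["tasklet_path"])
```

A hit with the tasklet path confirmed means the guest is still running a kernel without the threaded-IRQ fix.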
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-27T16:39:17.990Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4a8b
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 1:10:57 AM
Last updated: 1/7/2026, 4:15:38 AM