CVE-2022-49759: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Use threaded irqs instead of tasklets
The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event() resulting in invalid sleep in an atomic context (and therefore potentially in a deadlock).
Use threaded irqs to fix this issue and completely remove usage of tasklets.
[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264645] preempt_count: 101, expected: 0
[ 20.264646] RCU nest depth: 0, expected: 0
[ 20.264647] 1 lock held by vmtoolsd/762:
[ 20.264648] #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]
[ 20.264658] Preemption disabled at:
[ 20.264659] [<ffff80000151d7d8>] vmci_send_datagram+0x44/0xa0 [vmw_vmci]
[ 20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1
[ 20.264667] Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020
[ 20.264668] Call trace:
[ 20.264669] dump_backtrace+0xc4/0x130
[ 20.264672] show_stack+0x24/0x80
[ 20.264673] dump_stack_lvl+0x88/0xb4
[ 20.264676] dump_stack+0x18/0x34
[ 20.264677] __might_resched+0x1a0/0x280
[ 20.264679] __might_sleep+0x58/0x90
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264686] tasklet_action_common.constprop.0+0x13c/0x150
[ 20.264688] tasklet_action+0x40/0x50
[ 20.264689] __do_softirq+0x23c/0x6b4
[ 20.264690] __irq_exit_rcu+0x104/0x214
[ 20.264691] irq_exit_rcu+0x1c/0x50
[ 20.264693] el1_interrupt+0x38/0x6c
[ 20.264695] el1h_64_irq_handler+0x18/0x24
[ 20.264696] el1h_64_irq+0x68/0x6c
[ 20.264697] preempt_count_sub+0xa4/0xe0
[ 20.264698] _raw_spin_unlock_irqrestore+0x64/0xb0
[ 20.264701] vmci_send_datagram+0x7c/0xa0 [vmw_vmci]
[ 20.264703] vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]
[ 20.264706] vmci_datagram_send+0x2c/0x40 [vmw_vmci]
[ 20.264709] vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]
[ 20.264711] vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]
[ 20.264713] vsock_connect+0x278/0x330 [vsock]
[ 20.264715] __sys_connect_file+0x8c/0xc0
[ 20.264718] __sys_connect+0x84/0xb4
[ 20.264720] __arm64_sys_connect+0x2c/0x3c
[ 20.264721] invoke_syscall+0x78/0x100
[ 20.264723] el0_svc_common.constprop.0+0x68/0x124
[ 20.264724] do_el0_svc+0x38/0x4c
[ 20.264725] el0_svc+0x60/0x180
[ 20.264726] el0t_64_sync_handler+0x11c/0x150
[ 20.264728] el0t_64_sync+0x190/0x194
AI Analysis
Technical Summary
CVE-2022-49759 is a vulnerability in the Linux kernel's VMware VMCI (Virtual Machine Communication Interface) driver. The vmci_dispatch_dgs() function ran as a tasklet and calls vmci_read_data(), which uses wait_event(), a function that can sleep. Tasklets run in atomic context and must not invoke any function that can sleep, as this leads to invalid sleep conditions and potential deadlocks. The kernel log shows the vmtoolsd process hitting a "BUG: sleeping function called from invalid context" report: the call trace reaches vmci_read_data() from vmci_dispatch_dgs() through tasklet_action() in softirq processing, after an interrupt arrived while vmtoolsd was inside vmci_send_datagram() during a vsock connect. The fix replaces tasklets with threaded interrupts (threaded IRQs), whose handlers are allowed to sleep, and removes the usage of tasklets from the driver entirely, which prevents the deadlock scenario. This vulnerability can cause system instability or kernel panics when the VMCI driver is used, particularly in VMware virtualized environments running affected Linux kernel versions. There is no evidence of exploitation in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the vulnerable commit hashes referenced, and is relevant for systems running VMware tools or VMCI-enabled virtual machines.
Potential Impact
For European organizations, the primary impact of CVE-2022-49759 is on the stability and availability of Linux systems running inside VMware virtualized environments that use the VMCI driver. This includes enterprise servers, cloud infrastructure, and development environments that rely on VMware virtualization with Linux guests. A deadlock or kernel panic caused by this vulnerability could lead to unexpected downtime, disruption of critical services, and potential data loss if systems crash during operations. Organizations with large VMware deployments or those using VMCI features for inter-VM communication are at higher risk. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant, especially for production workloads. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or potential future exploitation if attackers find ways to trigger the deadlock deliberately.
Mitigation Recommendations
To mitigate CVE-2022-49759, European organizations should:
1) Identify Linux systems running on VMware hypervisors that utilize the VMCI driver and VMware tools.
2) Apply the latest Linux kernel updates that include the fix replacing tasklets with threaded IRQs in the VMCI driver. This patch removes the invalid sleep condition and prevents deadlocks.
3) If immediate patching is not possible, consider disabling the VMCI driver or VMware tools features that rely on VMCI datagram communication as a temporary workaround, understanding this may reduce functionality.
4) Monitor system logs for kernel BUG messages related to vmci_guest.c or vmtoolsd crashes to detect potential triggering of this vulnerability.
5) Test patches in staging environments to ensure stability before production deployment.
6) Maintain updated VMware tools and hypervisor versions to ensure compatibility with patched Linux kernels.
These steps go beyond generic advice by focusing on the specific driver and virtualization context involved.
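The log monitoring in step 4 can be automated. The following is an added example, not code from the advisory or the kernel project: it scans dmesg-style text for the "sleeping function" report shown on this page and flags whether vmci_dispatch_dgs() was reached through the tasklet path. The function names and the assumption that input lines carry dmesg "[ seconds ]" timestamps are choices made for this example.

```python
import re

# Lines excerpted from the kernel log quoted on this page; the final line is
# constructed to show that unrelated output ends the report.
SAMPLE_LOG = """\
[ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145
[ 20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd
[ 20.264668] Call trace:
[ 20.264681] vmci_read_data+0x74/0x120 [vmw_vmci]
[ 20.264683] vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]
[ 20.264686] tasklet_action_common.constprop.0+0x13c/0x150
[ 20.264701] vmci_send_datagram+0x7c/0xa0 [vmw_vmci]
[ 31.000001] EXT4-fs (sda2): mounted filesystem
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
BUG = re.compile(r"BUG: sleeping function called from invalid context at (\S+):(\d+)")
TASK = re.compile(r"pid: (\d+), name: (\S+)")
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def via_tasklet(frames):
    """True when vmci_dispatch_dgs was entered from the tasklet softirq path."""
    if "vmci_dispatch_dgs" not in frames:
        return False
    callers = frames[frames.index("vmci_dispatch_dgs") + 1:]
    return any(f.startswith("tasklet_action") for f in callers)

def find_vmci_atomic_sleep(text):
    """Return one dict per 'sleeping function' report raised from the VMCI driver."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        bug = BUG.search(line)
        if bug:
            cur = {"file": bug.group(1), "line": int(bug.group(2)),
                   "pid": None, "comm": None, "frames": []}
            reports.append(cur)
        elif cur is not None:
            task, frame = TASK.search(line), FRAME.match(line)
            if task:
                cur["pid"], cur["comm"] = int(task.group(1)), task.group(2)
            elif frame:
                cur["frames"].append(frame.group(1))
            elif cur["frames"]:
                cur = None  # first non-frame line after the trace ends the report
    hits = [r for r in reports if "/vmw_vmci/" in r["file"]]
    for r in hits:
        r["via_tasklet"] = via_tasklet(r["frames"])
    return hits
```

Feed it the output of `dmesg` from a guest; a hit with `via_tasklet` set means the guest is running the pre-fix driver and has already triggered the condition.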
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-27T16:39:17.990Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4a8b
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 1:10:57 AM
Last updated: 8/18/2025, 12:40:34 AM