CVE-2022-49839: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_transport_sas: Fix error handling in sas_phy_add()

If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host().

    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108
    CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173
    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : device_del+0x54/0x3d0
    lr : device_del+0x37c/0x3d0
    Call trace:
     device_del+0x54/0x3d0
     attribute_container_class_device_del+0x28/0x38
     transport_remove_classdev+0x6c/0x80
     attribute_container_device_trigger+0x108/0x110
     transport_remove_device+0x28/0x38
     sas_phy_delete+0x30/0x60 [scsi_transport_sas]
     do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]
     device_for_each_child+0x68/0xb0
     sas_remove_children+0x40/0x50 [scsi_transport_sas]
     sas_remove_host+0x20/0x38 [scsi_transport_sas]
     hisi_sas_remove+0x40/0x68 [hisi_sas_main]
     hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]
     platform_remove+0x2c/0x60

Fix this by checking and handling return value of transport_add_device() in sas_phy_add().
AI Analysis
Technical Summary
CVE-2022-49839 is a vulnerability identified in the Linux kernel specifically within the SCSI transport subsystem for SAS (Serial Attached SCSI) devices. The flaw exists in the error handling logic of the sas_phy_add() function. When the function transport_add_device() fails during the addition of a SAS physical link (phy), the kernel does not properly handle this failure. Subsequently, when the kernel attempts to remove the device via transport_remove_device() called from sas_remove_host(), it tries to delete a device that was never successfully added. This leads to a NULL pointer dereference at a low virtual address (0x108), causing a kernel crash (kernel panic). The crash occurs in device_del() and related functions during device removal. The root cause is the lack of checking and handling the return value of transport_add_device() in sas_phy_add(). This vulnerability can cause a denial of service (DoS) by crashing the kernel, potentially leading to system downtime or reboot. The issue affects Linux kernel versions prior to the fix and is particularly relevant for systems using SAS storage devices and the related drivers (e.g., hisi_sas). No known exploits are currently reported in the wild. The fix involves adding proper error checking and handling in the sas_phy_add() function to prevent the kernel from attempting to delete a non-existent device. No CVSS score has been assigned yet to this vulnerability.
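A userspace model of the failure path described above, as an added example (not the kernel's code or the upstream patch). The struct and function names are hypothetical stand-ins, and the model reports whether teardown would dereference a missing class device instead of actually crashing.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel objects; a model, not kernel code. */
struct classdev { int registered; };
struct phy { int dev_added; struct classdev *cdev; };
static struct classdev pool;

/* Models transport_add_device(): on failure no class device exists. */
static int model_transport_add(struct phy *p, int fail)
{
    if (fail)
        return -ENOMEM;
    pool.registered = 1;
    p->cdev = &pool;
    return 0;
}

/* Pre-fix shape: the result of the transport step is ignored. */
int phy_add_unchecked(struct phy *p, int fail)
{
    p->dev_added = 1;
    (void)model_transport_add(p, fail);
    return 0;               /* caller believes the phy is fully set up */
}

/* Fixed shape: check the result and undo the earlier step on failure. */
int phy_add_checked(struct phy *p, int fail)
{
    int err;

    p->dev_added = 1;
    err = model_transport_add(p, fail);
    if (err) {
        p->dev_added = 0;   /* nothing is left behind for teardown to find */
        return err;
    }
    return 0;
}

/* Host-removal path: 1 if it would touch a class device that was never created. */
int teardown_would_crash(const struct phy *p)
{
    return p->dev_added && p->cdev == NULL;
}

int main(void)
{
    struct phy a = {0, NULL}, b = {0, NULL};
    phy_add_unchecked(&a, 1);
    phy_add_checked(&b, 1);
    printf("unchecked: %d, checked: %d\n", teardown_would_crash(&a), teardown_would_crash(&b));
    return 0;
}
```
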
Potential Impact
For European organizations, the impact of CVE-2022-49839 primarily manifests as a potential denial of service condition on Linux systems utilizing SAS storage hardware. This could affect data centers, enterprise servers, and critical infrastructure relying on Linux servers with SAS devices. A kernel crash can lead to unexpected system reboots, service interruptions, and potential data loss if unsaved data is present. Organizations running high-availability services or critical applications on affected Linux kernels may experience downtime, impacting business continuity and operational efficiency. Additionally, repeated exploitation could be used as a vector for targeted disruption. Although no remote code execution or privilege escalation is indicated, the DoS impact on availability is significant. European sectors with heavy reliance on Linux-based storage servers, such as finance, telecommunications, manufacturing, and government, could be particularly affected. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to prevent future exploitation.
Mitigation Recommendations
1. Apply the official Linux kernel patches that fix the error handling in sas_phy_add() as soon as they become available from trusted Linux distributions or kernel maintainers.
2. For organizations using custom or embedded Linux kernels, backport the fix or update to a kernel version that includes the patch.
3. Monitor kernel updates and security advisories from Linux vendors and distributions to ensure timely patching.
4. Implement robust monitoring and alerting for kernel crashes and system reboots to detect potential exploitation attempts early.
5. Where feasible, isolate critical SAS storage systems and limit access to trusted administrators to reduce risk of accidental or malicious triggering of the vulnerability.
6. Conduct thorough testing of kernel updates in staging environments before production deployment to avoid regressions.
7. Maintain regular backups of critical data to mitigate impact of unexpected downtime.
8. Consider deploying kernel crash dump and analysis tools to facilitate rapid diagnosis if crashes occur.

These measures go beyond generic advice by focusing on proactive patch management, monitoring, and operational resilience specific to SAS device environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.229Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982cc4522896dcbe4de1
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 2:25:53 AM
Last updated: 8/8/2025, 4:25:02 PM