CVE-2022-49901: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

blk-mq: Fix kmemleak in blk_mq_init_allocated_queue

There is a kmemleak caused by modprobe null_blk.ko

unreferenced object 0xffff8881acb1f000 (size 1024):
  comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s)
  hex dump (first 32 bytes):
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
    ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff  .........S......
  backtrace:
    [<000000004a10c249>] kmalloc_node_trace+0x22/0x60
    [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350
    [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0
    [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440
    [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0
    [<00000000d10c98c3>] 0xffffffffc450d69d
    [<00000000b9299f48>] 0xffffffffc4538392
    [<0000000061c39ed6>] do_one_initcall+0xd0/0x4f0
    [<00000000b389383b>] do_init_module+0x1a4/0x680
    [<0000000087cf3542>] load_module+0x6249/0x7110
    [<00000000beba61b8>] __do_sys_finit_module+0x140/0x200
    [<00000000fdcfff51>] do_syscall_64+0x35/0x80
    [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0

That is because q->mq_ops is set to NULL before blk_release_queue is called.

blk_mq_init_queue_data
  blk_mq_init_allocated_queue
    blk_mq_realloc_hw_ctxs
      for (i = 0; i < set->nr_hw_queues; i++) {
        old_hctx = xa_load(&q->hctx_table, i);
        if (!blk_mq_alloc_and_init_hctx(.., i, ..))    [1]
          if (!old_hctx)
            break;

      xa_for_each_start(&q->hctx_table, j, hctx, j)
        blk_mq_exit_hctx(q, set, hctx, j);             [2]

    if (!q->nr_hw_queues)                              [3]
      goto err_hctxs;

  err_exit:
      q->mq_ops = NULL;                                [4]

  blk_put_queue
    blk_release_queue
      if (queue_is_mq(q))                              [5]
        blk_mq_release(q);

[1]: blk_mq_alloc_and_init_hctx failed at i != 0.
[2]: The hctxs allocated by [1] are moved to q->unused_hctx_list and will be cleaned up in blk_mq_release.
[3]: q->nr_hw_queues is 0.
[4]: Set q->mq_ops to NULL.
[5]: queue_is_mq returns false due to [4]. And blk_mq_release will not be called. The hctxs in q->unused_hctx_list are leaked.
To fix it, call blk_release_queue in exception path.
AI Analysis
Technical Summary
CVE-2022-49901 is a vulnerability in the Linux kernel's block multi-queue (blk-mq) subsystem, specifically related to memory leak issues during queue initialization. The flaw arises in the blk_mq_init_allocated_queue function when the allocation and initialization of hardware contexts (hctx) fail partway through the process. In this failure scenario, some allocated hardware contexts are moved to an unused list but are never properly released because the queue's mq_ops pointer is set to NULL prematurely. This causes the queue_is_mq check to fail, preventing the blk_mq_release function from being called, which would normally clean up these resources. The root cause is that blk_release_queue is not invoked in the exception path, leading to a kmemleak (kernel memory leak) when modprobe loads the null_blk.ko module. The vulnerability is triggered during module initialization and affects Linux kernel versions identified by the given commit hashes. Although the vulnerability does not directly lead to code execution or privilege escalation, the memory leak can degrade system stability and performance over time, especially on systems that frequently load and unload block device modules or handle high I/O workloads. The detailed backtrace and code path analysis confirm that the leak occurs due to improper cleanup of hardware context structures in blk-mq queues when initialization fails. This issue has been resolved by ensuring blk_release_queue is called on error paths to properly free all allocated resources.
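A minimal userspace model of the error path summarized above, added here as an illustration; it is not kernel code and not the upstream patch. The struct and function names, the fail_at and fixed parameters, and the shape of the fixed branch are assumptions of the model; only the step labels [1] to [5] come from the description.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: names follow the advisory, bodies are simplified. */
struct hctx { struct hctx *next; };
/* mq_ops non-NULL means queue_is_mq(); unused models q->unused_hctx_list */
struct queue { const void *mq_ops; struct hctx *unused; };

static int mq_release(struct queue *q)      /* models blk_mq_release */
{
    int n = 0;
    while (q->unused) {
        struct hctx *h = q->unused;
        q->unused = h->next;
        free(h);
        n++;
    }
    return n;                               /* number of hctxs freed */
}

static int release_queue(struct queue *q)   /* models blk_release_queue */
{
    return q->mq_ops ? mq_release(q) : 0;   /* [5] queue_is_mq(q) check */
}

/* Set up nr_hw hctxs, failing at index fail_at ([1]); returns hctxs leaked. */
int init_queue(int nr_hw, int fail_at, int fixed)
{
    struct queue q = { "model ops", NULL }; /* any non-NULL pointer will do */
    int live = 0, failed = 0;
    for (int i = 0; i < nr_hw; i++) {
        struct hctx *h = (i == fail_at) ? NULL : malloc(sizeof(*h));
        if (!h) { failed = 1; break; }
        h->next = q.unused; q.unused = h;   /* [2] parked on the unused list */
        live++;
    }
    if (failed && fixed)
        live -= mq_release(&q);             /* free while still an mq queue */
    if (failed)
        q.mq_ops = NULL;                    /* [4] */
    live -= release_queue(&q);              /* blk_put_queue path */
    mq_release(&q);                         /* keep the model itself leak-free */
    return live;
}

int main(void)
{
    printf("vulnerable leaks %d, fixed leaks %d\n", init_queue(4, 2, 0), init_queue(4, 2, 1));
    return 0;
}
```

A failure at index 0 leaks nothing in the model because no hctx was parked yet, which matches the description's condition that the failure occurs at i != 0.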
Potential Impact
For European organizations, the impact of CVE-2022-49901 primarily concerns system reliability and availability. Linux is widely used across European enterprises, government agencies, and critical infrastructure sectors, including telecommunications, finance, and manufacturing. Systems running vulnerable Linux kernel versions that handle block devices extensively—such as storage servers, virtualization hosts, and container platforms—may experience gradual memory leaks leading to resource exhaustion, degraded performance, or unexpected system crashes. This can disrupt business operations, cause downtime, and increase maintenance costs. While the vulnerability does not appear to allow direct exploitation for privilege escalation or data compromise, the resulting instability could be leveraged in multi-stage attacks or cause denial-of-service conditions. Organizations relying on automated module loading or dynamic block device management are at higher risk. The absence of known exploits in the wild reduces immediate threat but does not eliminate risk, especially in environments with frequent kernel module operations or custom kernel builds.
Mitigation Recommendations
To mitigate CVE-2022-49901, European organizations should:
1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from their Linux distribution vendors or upstream kernel sources.
2) Audit and monitor kernel module loading activities, particularly those involving block device modules like null_blk.ko, to detect abnormal behavior or repeated failures.
3) Implement proactive kernel memory leak detection tools such as kmemleak to identify and alert on memory leaks in test and production environments.
4) Limit the use of dynamic kernel module loading where possible, preferring static kernel builds or controlled module insertion policies to reduce exposure.
5) Regularly update and maintain kernel versions to incorporate security fixes and improvements.
6) For critical systems, consider deploying kernel live patching solutions to minimize downtime while applying fixes.
7) Conduct thorough testing of kernel updates in staging environments to ensure stability and compatibility before production deployment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-01T14:05:17.245Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe3fdc
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 8:26:18 PM
Last updated: 7/29/2025, 5:17:17 AM