CVE-2022-49295
- Source
- https://cve.org/CVERecord?id=CVE-2022-49295
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49295.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49295
- Downstream
- Related
- Published
- 2025-02-26T02:01:25.659Z
- Modified
- 2026-04-11T12:43:51.580200Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nbd: call genl_unregister_family() first in nbd_cleanup()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nbd: call genlunregisterfamily() first in nbd_cleanup()
Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000098 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:downwrite+0x1a/0x50 Call Trace: startcreating+0x89/0x130 debugfscreatedir+0x1b/0x130 nbdstartdevice+0x13d/0x390 [nbd] nbdgenlconnect+0x42f/0x748 [nbd] genlfamilyrcvmsgdoit.isra.0+0xec/0x150 genlrcvmsg+0xe5/0x1e0 netlinkrcvskb+0x55/0x100 genlrcv+0x29/0x40 netlinkunicast+0x1a8/0x250 netlink_sendmsg+0x21b/0x430 ____sys_sendmsg+0x2a4/0x2d0 ___sys_sendmsg+0x81/0xc0 __sys_sendmsg+0x62/0xb0 __x64syssendmsg+0x1f/0x30 dosyscall64+0x3b/0xc0 entrySYSCALL64afterhwframe+0x44/0xae Modules linked in: nbd(E-)
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49295.json" }- References
-
- https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c
- https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e
- https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e
- https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79
- https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f
- https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25
- https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca
- https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49295.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49295
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede46c7287b1c27683a8e30ca825fb98e2b97f1099Fixed8a1435c862ea09b06be7acda325128dc08458e25Fixed013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5cFixed1be608e1ee1f222464b2856bda9b85ab5184a33eFixedc0868f6e728c3c28bef0e8bee89d2daf86a8bbcaFixedcbeafa7a79d08ecdb55f8f1d41a11323d0f709dbFixed6f505bbb8063fd3a238a4239d2d8c165e5279f6fFixed3d5da1ffba3388c2ae2e6c598855a4d887d3bf79Fixed06c4da89c24e7023ea448cadf8e9daf06a0aae6e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.12.0Fixed4.14.283
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.247
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.198
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.122
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.47
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed5.17.15
- Type
- ECOSYSTEM
- Events
-
Introduced5.18.0Fixed5.18.4