What is the severity of CVE-2022-49371?

CVE-2022-49371 has a medium severity level due to its potential to cause deadlock in the device attachment process.

How do I fix CVE-2022-49371?

To fix CVE-2022-49371, update the Linux kernel to the latest stable version where this vulnerability has been resolved.

Which versions of the Linux kernel are affected by CVE-2022-49371?

CVE-2022-49371 affects Linux kernel versions from 4.2 up to 5.18.4, with several specific ranges in between.

What is the impact of CVE-2022-49371?

The impact of CVE-2022-49371 can lead to a system deadlock, which may disrupt operations that rely on device attachment.

When was CVE-2022-49371 disclosed?

CVE-2022-49371 was disclosed in late 2022 as part of ongoing security updates to the Linux kernel.

Vulnerability/
CVE-2022-49371

medium

5.5

CWE

667

26/2/2025

14/4/2025

CVE-2022-49371: driver core: fix deadlock in __device_attach

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_attach device_lock(dev) // get lock dev async_schedule_dev(__device_attach_async_helper, dev); // func async_schedule_node async_schedule_node_domain(func) entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); /* when fail or work limit, sync to execute func, but __device_attach_async_helper will get lock dev as well, which will lead to A-A deadlock. */ if (!entry || atomic_read(&entry_count) > MAX_WORK) { func; else queue_work_node(node, system_unbound_wq, &entry->work) device_unlock(dev) As shown above, when it is allowed to do async probes, because of out of memory or work limit, async work is not allowed, to do sync execute instead. it will lead to A-A deadlock because of __device_attach_async_helper getting lock dev. To fix the deadlock, move the async_schedule_dev outside device_lock, as we can see, in async_schedule_node_domain, the parameter of queue_work_node is system_unbound_wq, so it can accept concurrent operations. which will also not change the code logic, and will not lead to deadlock.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=4.2<5.4.198
Linux Kernel	>=5.5<5.10.122
Linux Kernel	>=5.11<5.15.47
Linux Kernel	>=5.16<5.17.15
Linux Kernel	>=5.18<5.18.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49371?
CVE-2022-49371 has a medium severity level due to its potential to cause deadlock in the device attachment process.
How do I fix CVE-2022-49371?
To fix CVE-2022-49371, update the Linux kernel to the latest stable version where this vulnerability has been resolved.
Which versions of the Linux kernel are affected by CVE-2022-49371?
CVE-2022-49371 affects Linux kernel versions from 4.2 up to 5.18.4, with several specific ranges in between.
What is the impact of CVE-2022-49371?
The impact of CVE-2022-49371 can lead to a system deadlock, which may disrupt operations that rely on device attachment.
When was CVE-2022-49371 disclosed?
CVE-2022-49371 was disclosed in late 2022 as part of ongoing security updates to the Linux kernel.

collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/type
agent/title
agent/references
agent/source
agent/author
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/weakness
agent/severity
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/event
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/4.2
version/linux kernel/5.5
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/5.18

Frequently Asked Questions

What is the severity of CVE-2022-49371?
CVE-2022-49371 has a medium severity level due to its potential to cause deadlock in the device attachment process.
How do I fix CVE-2022-49371?
To fix CVE-2022-49371, update the Linux kernel to the latest stable version where this vulnerability has been resolved.
Which versions of the Linux kernel are affected by CVE-2022-49371?
CVE-2022-49371 affects Linux kernel versions from 4.2 up to 5.18.4, with several specific ranges in between.
What is the impact of CVE-2022-49371?
The impact of CVE-2022-49371 can lead to a system deadlock, which may disrupt operations that rely on device attachment.
When was CVE-2022-49371 disclosed?
CVE-2022-49371 was disclosed in late 2022 as part of ongoing security updates to the Linux kernel.

CVE-2022-49371: driver core: fix deadlock in __device_attach

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49371?

How do I fix CVE-2022-49371?

Which versions of the Linux kernel are affected by CVE-2022-49371?

What is the impact of CVE-2022-49371?

When was CVE-2022-49371 disclosed?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-49371?

How do I fix CVE-2022-49371?

Which versions of the Linux kernel are affected by CVE-2022-49371?

What is the impact of CVE-2022-49371?

When was CVE-2022-49371 disclosed?