CVE-2022-49033

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A bug in the Linux kernel has been resolved, specifically in the btrfs qgroup, where a sleep function was called from an invalid context in btrfs qgroup inherit(). This issue was reported by Syzkaller, which identified a call trace leading to the bug. The fix involves calling qgroup dirty() on @dstqgroup and updating the limit item in btrfs run qgroups() later, outside of the spinlock context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-667

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-1066

BDU:2025-01979

CVE-2022-49033

OESA-2024-2323

OESA-2024-2324

OPENSUSE-SU-2025_0201-1

OPENSUSE-SU-2025_0229-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0229-1

SUSE-SU-2025:0236-1

SUSE-SU-2025_0201-1

SUSE-SU-2025_0201-2

SUSE-SU-2025_0236-1

USN-8274-1

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2022-49033

Weakness Enumeration

Related Identifiers

Affected Products

References · 438