PT-2025-8223 · Linux+2 · Linux Kernel+2
Hou Tao +1 · Published 2022-05-27 · Updated 2025-04-16 · CVE-2022-49295
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.14.0-rc4
Description
A race condition exists between module removal and the handling of netlink commands in the Linux kernel, which can lead to a kernel NULL pointer dereference. This issue is related to the nbd module and can cause an oops error, as shown in the provided stack trace. The error occurs when genl_unregister_family() is not called before nbd_cleanup(), allowing for a potential race condition.
Recommendations
For Linux kernel versions prior to 5.14.0-rc4, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, ensure that genl_unregister_family() is called before nbd_cleanup() to prevent the race condition.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse