PT-2025-8225 · Linux+3 · Linux Kernel+3

Yu Kuai

Published

2022-05-27

Updated

2025-09-29

CVE-2022-49297

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.18.0-rc3-next-20220422-00003-g2176915513ca

Description A vulnerability in the Linux kernel has been identified, which can cause an io hung when disconnecting a device. This issue is triggered by "qemu-nbd" and can lead to a blocked task. The problem arises from the inability to clear requests after a commit, resulting in requests not being completed due to a timeout. The issue is related to the nbd clear sock ioctl() function and the NBD CMD INFLIGHT flag.

Recommendations For Linux kernel versions prior to 5.18.0-rc3-next-20220422-00003-g2176915513ca, switch back to calling nbd clear sock() in nbd clear sock ioctl() to allow inflight requests to be cleared.

Exploit

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALSA-2025_16880

BDU:2026-03672

CVE-2022-49297

OPENSUSE-SU-2025_1263-1

RHSA-2022:8267

RHSA-2022_8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-8225 · Linux+3 · Linux Kernel+3

CVE-2022-49297

Weakness Enumeration

Related Identifiers

Affected Products

References · 1506