PT-2025-8305 · Linux+4 · Linux Kernel+4

Zhang Wensheng

Published

2023-05-09

Updated

2025-09-29

CVE-2022-49371

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A deadlock issue in the Linux kernel has been identified in the device attach function. The problem arises when the async schedule dev function is called within the device lock, leading to a potential A-A deadlock. This occurs because device attach async helper also attempts to acquire the dev lock, causing a deadlock when memory is low or the work limit is reached. The issue is resolved by moving the async schedule dev call outside the device lock, allowing for concurrent operations without changing the code logic.

Recommendations To resolve the issue, apply the patch that moves the async schedule dev call outside the device lock in the device attach function. This change prevents the deadlock by allowing concurrent operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2025_16880

CESA-2023_2951

CVE-2022-49371

OPENSUSE-SU-2025_1263-1

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:01983-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_01983-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8305 · Linux+4 · Linux Kernel+4

CVE-2022-49371

Weakness Enumeration

Related Identifiers

Affected Products

References · 1639