PT-2025-8375 · Linux+2 · Linux Kernel+2

Qi Zheng · Published 2025-02-26 · Updated 2025-06-17 · CVE-2022-49441

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.4.143

Description

A deadlock vulnerability has been identified in the Linux kernel. The issue arises when pty_write() invokes kmalloc(), which may call printk() to print a failure message, leading to a deadlock. This occurs due to the locking mechanism in the tty port and console owner. The vulnerability can be triggered when printk() is called under tty_port->lock, causing a circular locking dependency. The estimated number of potentially affected devices is not provided.

Recommendations

For Linux kernel versions prior to 5.4.143, apply the patch that specifies __GFP_NOWARN to kmalloc() to avoid the deadlock problem. As a temporary workaround, consider disabling the printk() function in the kmalloc() path until a patch is available. However, this is not a recommended solution due to the complexity of changing printk() to printk_deferred() in the kmalloc() path.
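
The circular locking dependency described above, as an added example that is not part of the original advisory or the kernel's own code: a small user-space lock-order checker in C that flags the cycle and shows it disappearing when the allocation-failure warning is suppressed. The reverse ordering (console owner held, then the port lock), the function names and the `gfp_nowarn` switch are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { PORT_LOCK, CONSOLE_OWNER, NLOCKS }; /* lock classes from the description */
static int edge[NLOCKS][NLOCKS]; /* edge[a][b]: b was taken while a was held */
static int held[NLOCKS];         /* locks held by the current context */

/* Depth-first search: is there a recorded ordering path from 'from' to 'to'? */
static int reachable(int from, int to, int *seen)
{
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen)) return 1;
    return 0;
}

/* Record an acquisition; return 1 if it closes a cycle in the order graph. */
static int acquire(int lock)
{
    int cycle = 0;
    for (int h = 0; h < NLOCKS; h++) {
        int seen[NLOCKS] = {0};
        if (!held[h]) continue;
        cycle |= reachable(lock, h, seen); /* is lock -> ... -> h already known? */
        edge[h][lock] = 1;                 /* remember: h was held before lock */
    }
    held[lock] = 1;
    return cycle;
}

/* Constructed model of both paths; gfp_nowarn stands in for __GFP_NOWARN. */
int simulate(int gfp_nowarn)
{
    memset(edge, 0, sizeof edge);
    memset(held, 0, sizeof held);
    acquire(CONSOLE_OWNER);           /* assumed console path: owner first... */
    int cycle = acquire(PORT_LOCK);   /* ...then the port lock */
    memset(held, 0, sizeof held);     /* both locks released */
    cycle |= acquire(PORT_LOCK);      /* write path: port lock held */
    if (!gfp_nowarn)                  /* allocation failure warns via printk() */
        cycle |= acquire(CONSOLE_OWNER);
    return cycle;
}
int main(void)
{
    printf("cycle without __GFP_NOWARN: %d, with: %d\n", simulate(0), simulate(1));
    return 0;
}
```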

Exploit

Fix

Improper Locking


Weakness Enumeration

Related Identifiers

CVE-2022-49441
OESA-2025-1408
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:01983-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_01983-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
Suse