CVE-2022-49379

Severity: Medium · CVSS 3.1 base score 5.5 · EPSS 8.4%
Published Feb 26, 2025 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction

Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that wasn't sufficient to account for devices being deferred until deferred_probe_timeout.

Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits until the deferred_probe_timeout fires") tried to fix that by making sure wait_for_device_probe() waits for deferred_probe_timeout to expire before returning.

However, if wait_for_device_probe() is called from the kernel_init() context:

- Before deferred_probe_initcall() [2], it causes the boot process to hang due to a deadlock.
- After deferred_probe_initcall() [3], it blocks kernel_init() from continuing till deferred_probe_timeout expires and beats the point of deferred_probe_timeout that's trying to wait for userspace to load modules.

Neither of these is good. So revert the changes to wait_for_device_probe().

[1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/
[2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/
[3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability 8.4% percentile
Exploit & Patch Status No Known Exploit · Patch Available

Weaknesses 1

CWE-667

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.7.1 – <5.10.122
linux   linux_kernel  *        ≥5.11 – <5.15.47
linux   linux_kernel  *        ≥5.16 – <5.17.15
linux   linux_kernel  *        ≥5.18 – <5.18.4
linux   linux_kernel  5.7      any
linux   linux_kernel  5.7      any
linux   linux_kernel  5.7      any
linux   linux_kernel  5.7      any
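
A check of a kernel release string against the affected ranges listed above, as an added example that is not part of the original advisory or the kernel project. The function names and the sample release strings are assumptions made for illustration; the "5.7 / any" rows are folded into the first range.

```python
import re
import sys

# Affected upstream ranges from the table above: (first affected, first fixed).
# The "5.7 / any" rows are covered by starting the first range at 5.7.0.
AFFECTED_RANGES = [
    ((5, 7, 0), (5, 10, 122)),
    ((5, 11, 0), (5, 15, 47)),
    ((5, 16, 0), (5, 17, 15)),
    ((5, 18, 0), (5, 18, 4)),
]


def parse_release(release):
    """Parse a `uname -r` style string such as '5.15.46-generic' into a tuple."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if match is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ("5.7") is treated as 0.
    return tuple(int(part or 0) for part in match.groups())


def first_fixed(release):
    """Return the first fixed upstream version if `release` falls in an
    affected range, otherwise None."""
    version = parse_release(release)
    for low, high in AFFECTED_RANGES:
        if low <= version < high:
            return ".".join(str(n) for n in high)
    return None


def report(release):
    fixed = first_fixed(release)
    if fixed is None:
        return f"{release}: outside the listed affected ranges"
    # Assumption: distribution kernels can carry the fix as a backport while
    # keeping an older base version, so confirm against the vendor changelog.
    return f"{release}: in an affected range, upstream fix in {fixed}"


if __name__ == "__main__":
    # Constructed sample releases; pass real `uname -r` output as arguments.
    samples = sys.argv[1:] or ["5.10.121", "5.10.122", "5.15.46-generic", "5.18.4"]
    for sample in samples:
        print(report(sample))
```

The result reflects the upstream version number only; a vendor kernel that backported one of the patches listed under References can report a version inside a range and still be fixed.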

References 5

  • git.kernel.org https://git.kernel.org/stable/c/29357883a89193863f3cc6a2c5e0b42ceb022761
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ad6af07efcca85369c21e4897b3020cff2c170b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/528229474e1cbb1b3451cb713d94aecb5f6ee264
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ee76c256e928455212ab759c51d198fedbe7523
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71cbce75031aed26c72c2dc8a83111d181685f1b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/29357883a89193863f3cc6a2c5e0b42ceb022761
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ad6af07efcca85369c21e4897b3020cff2c170b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/528229474e1cbb1b3451cb713d94aecb5f6ee264
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ee76c256e928455212ab759c51d198fedbe7523
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/71cbce75031aed26c72c2dc8a83111d181685f1b
    Patch