CVE-2022-49098

Drivers: hv: vmbus: Fix potential crash on module unload

Description

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that the driver handles both registering and unregistering such panic notifier callback. After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback") though, the panic notifier registration is done unconditionally in the module initialization routine whereas the unregistering procedure is conditionally guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability is set. This patch fixes that by unconditionally unregistering the panic notifier in the module's exit routine as well.

N/A
CVSS
Severity:
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a
https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892
https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624
https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596
https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2
https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276
https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8

Frequently Asked Questions

What is the severity of CVE-2022-49098?
CVE-2022-49098 has not yet been assigned a CVSS score.
How to fix CVE-2022-49098?
To fix CVE-2022-49098, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49098 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49098 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49098?
CVE-2022-49098 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.