CVE & CISA-KEV Catalog

CVE-2022-49098

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that the driver handles both registering and unregistering such panic notifier callback. After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback") though, the panic notifier registration is done unconditionally in the module initialization routine whereas the unregistering procedure is conditionally guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability is set. This patch fixes that by unconditionally unregistering the panic notifier in the module's exit routine as well.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.113-1CVE-2022-49098
Fixed in:5.17.3-1CVE-2022-49098
Fixed in:5.17.3-1CVE-2022-49098
Fixed in:5.17.3-1CVE-2022-49098

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.24%probability of exploitation in 30 days
15thpercentile

Low risk: more likely to be exploited than 15% of all known CVEs.

References

Embed a live status badge for CVE-2022-49098
CVE-2022-49098 severity badge

Markdown

[![CVE-2022-49098](https://tridentstack.com/cve/badge/CVE-2022-49098.svg)](https://tridentstack.com/cve/CVE-2022-49098)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-49098"><img src="https://tridentstack.com/cve/badge/CVE-2022-49098.svg" alt="CVE-2022-49098"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-14.