CVE-2022-49012 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix server->active leak in afs_put_server
The atomic_read was accidentally replaced with atomic_inc_return, which prevents the server from getting cleaned up and causes rmmod to hang with a warning:
Can't purge s=00000001
Analysis
by VulDB Data Team • 01/18/2026
CVE-2022-49012 is a critical resource management flaw in the Linux kernel's Andrew File System (AFS) implementation. It affects the afs_put_server function, where a logic error was introduced during kernel development: an incorrect atomic operation replacement breaks the server cleanup mechanism and causes persistent resource leaks that can severely impact system stability and resource utilization. The AFS subsystem provides distributed file system capabilities in Linux environments, which makes this vulnerability particularly concerning for systems that rely on distributed storage.
The flaw is an improper atomic operation substitution: atomic_read was inadvertently replaced with atomic_inc_return within the server cleanup pathway. The change looks minor but has profound implications for the reference counting mechanism that governs server object lifecycle management. atomic_inc_return increments the reference counter and returns the new value, whereas atomic_read only reads the current value without modifying it. This replacement prevents the proper decrementing of reference counts that would normally trigger server cleanup, so server objects remain in memory indefinitely. The vulnerability directly violates the principles of proper resource management and atomic operation usage as defined in CWE-664, which addresses improper control of a resource through a resource management function.
The operational impact extends beyond simple memory leaks to complete system hang conditions during module removal. When administrators attempt to unload the afs module using the rmmod command, the system becomes unresponsive with the characteristic warning message "Can't purge s=00000001", indicating the failure to properly clean up server objects. This hang is a critical denial-of-service condition that can leave systems inoperable and require manual intervention through system reboot or forceful module removal. The persistent resource leaks accumulate over time, potentially leading to system memory exhaustion and degraded overall performance, particularly in environments with high AFS usage or frequent module reload operations.
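The counter behaviour described above can be reproduced in a small userspace model. This is an added example, not the kernel's AFS code: struct model_server and all function names are hypothetical, C11 atomics stand in for atomic_read and atomic_inc_return, and the rule that teardown needs the active count to be zero is a simplifying assumption.

```c
/* Hypothetical userspace model of the counter bug; not kernel source. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct model_server {
    atomic_int ref;    /* lifetime references */
    atomic_int active; /* in-use count; modelled teardown needs 0 here */
};

/* Intended put: sample 'active' for tracing only, then drop one ref. */
static int put_fixed(struct model_server *s)
{
    int a = atomic_load(&s->active);             /* atomic_read analogue */
    atomic_fetch_sub(&s->ref, 1);
    return a;
}

/* Regressed put: the "sample" now modifies the counter on every call. */
static int put_buggy(struct model_server *s)
{
    int a = atomic_fetch_add(&s->active, 1) + 1; /* atomic_inc_return analogue */
    atomic_fetch_sub(&s->ref, 1);
    return a;
}

/* Run n balanced get/put pairs; return the leftover 'active' count and
 * report whether the modelled teardown (active == 0) could proceed. */
static int leaked_active(int (*put)(struct model_server *), int n, bool *purge_ok)
{
    struct model_server s;
    atomic_init(&s.ref, 1);
    atomic_init(&s.active, 0);
    for (int i = 0; i < n; i++) {
        atomic_fetch_add(&s.ref, 1);             /* get */
        put(&s);                                 /* matching put */
    }
    *purge_ok = (atomic_load(&s.active) == 0);
    return atomic_load(&s.active);
}

int main(void)
{
    bool ok;
    int left = leaked_active(put_fixed, 3, &ok);
    printf("fixed: leftover active=%d purge_ok=%d\n", left, ok);
    left = leaked_active(put_buggy, 3, &ok);
    printf("buggy: leftover active=%d purge_ok=%d\n", left, ok);
    return 0;
}
```

In the model, every call to the regressed put leaves one extra count behind, so no number of balanced get/put pairs brings the object back to a purgeable state.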
Mitigation requires an immediate kernel update that addresses the atomic operation replacement error in the afs_put_server function. System administrators should prioritize applying the relevant kernel patches, which change the improper atomic_inc_return usage back to the proper atomic_read operation. Additionally, monitoring should be implemented to detect unusual memory consumption patterns that might indicate resource leak accumulation. The fix aligns with ATT&CK technique T1490, which addresses resource exhaustion through manipulation of system resources, and CWE-664, which specifically addresses improper control of a resource through resource management functions. Organizations should also consider implementing automated module management policies that prevent frequent reload operations, which could exacerbate the resource leak conditions, until the patch is fully deployed across all affected systems.