CVE-2022-49786 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: properly pin the parent in blkcg_css_online

blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins, and we end up leaking blkcgs and cgroups.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 11/07/2025

The vulnerability identified as CVE-2022-49786 resides within the Linux kernel's block cgroup implementation, specifically affecting the blkcg_css_online function that manages the lifecycle of block cgroup resources. This issue represents a critical resource management flaw that undermines the proper functioning of the kernel's control group subsystem. The vulnerability emerged from a refactoring operation in commit 397c9f46ee4d where the intended behavior of pinning the parent block cgroup was inadvertently altered to pin the control group state structure instead. This subtle but significant change in implementation logic has cascading effects on kernel resource management and memory allocation patterns.

The technical flaw manifests as improper reference counting within the block cgroup subsystem where the function that should maintain a reference to the parent block cgroup ends up creating unnecessary references to the control group state object. This misalignment in reference management creates a scenario where block cgroup resources fail to be properly released when they should be, resulting in resource leakage within the kernel's memory management system. The improper pinning mechanism directly conflicts with the expected behavior of the cgroup subsystem which relies on precise reference counting to ensure proper cleanup and resource deallocation. This vulnerability operates at the kernel level and affects the core cgroup functionality that controls block I/O operations for process groups.

The operational impact of CVE-2022-49786 extends beyond simple memory leaks to potentially compromise system stability and resource availability. When block cgroups and their associated control group resources fail to be properly released, the kernel experiences gradual resource exhaustion that can lead to system performance degradation, unexpected behavior, or even system crashes under sustained load conditions. The leak affects the broader cgroup subsystem functionality since block cgroup resources are integral to I/O scheduling and resource allocation mechanisms that multiple system components depend upon. This vulnerability particularly impacts systems that heavily utilize cgroup-based resource management for containerization, virtualization, or process isolation scenarios where block I/O control groups are frequently created and destroyed.

Mitigation strategies for this vulnerability require kernel-level patches that restore the intended reference pinning behavior in the blkcg_css_online function. The fix involves reverting the incorrect implementation change introduced in commit 397c9f46ee4d to ensure that the parent block cgroup is properly pinned rather than the control group state structure. System administrators should prioritize applying the relevant kernel updates that contain the corrected implementation. Additionally, monitoring systems for unusual memory consumption patterns or cgroup-related errors can help detect the presence of this vulnerability before it causes significant operational impact. Organizations utilizing containerized environments or systems with intensive I/O operations should particularly focus on applying this patch to maintain system stability and prevent potential resource exhaustion scenarios that could affect service availability.

This vulnerability aligns with CWE-404, which addresses improper resource management, and relates to the broader category of resource leak issues that can compromise system integrity. From an ATT&CK perspective, this vulnerability could potentially be leveraged for resource exhaustion attacks that target kernel memory management, though it primarily represents an internal system stability concern rather than an external attack vector. The flaw demonstrates the critical importance of careful refactoring in kernel code where seemingly minor changes can have significant impacts on resource management and system behavior.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00140

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!