Linux Kernel up to 5.17.2 module_init/module_exit debug log file
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.4 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Linux Kernel up to 5.17.2 and classified as problematic. This vulnerability affects the function module_init/module_exit. The manipulation leads to debug log file.
This vulnerability is uniquely identified as CVE-2022-49100. No exploit exists.
The affected component should be upgraded.
Details
A vulnerability was found in Linux Kernel up to 5.17.2. It has been rated as problematic. This issue affects the function module_init/module_exit. The manipulation with an unknown input leads to a debug log file vulnerability. Using CWE to declare the problem leads to CWE-534. This entry has been deprecated because its abstraction was too low-level. See CWE-532. Impacted is confidentiality. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcall_debug log. Give each of these init and exit functions unique driver-specific names to eliminate the anonymous names. Example 1: (System.map) ffffffff832fc78c t init ffffffff832fc79e t init ffffffff832fc8f8 t init Example 2: (initcall_debug log) calling init+0x0/0x12 @ 1 initcall init+0x0/0x12 returned 0 after 15 usecs calling init+0x0/0x60 @ 1 initcall init+0x0/0x60 returned 0 after 2 usecs calling init+0x0/0x9a @ 1 initcall init+0x0/0x9a returned 0 after 74 usecs
The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2022-49100 since 02/26/2025. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1592 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 241018 (EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1704)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.9.311, 4.14.276, 4.19.238, 5.4.189, 5.10.111, 5.15.34, 5.16.20 or 5.17.3 eliminates this vulnerability. Applying the patch 93e3d88321d2274fa4e26b006e19cc10fec331c2/7deaddb704713608e0ae559e27185581b9af71a0/0f3d824bd70a1303464d5e93ee3e7afe7832fe89/3504b0a177208eda85bf472bbf7c9aa77d2b8343/c69b442125bf009fce26e15aa5616caf8a3673c3/44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6/3fd5dee7404ce40c79cba468bb2510115639d975/71612aee09ecea3475f8751dc841d75a011b1fd0/fefb8a2a941338d871e2d83fbd65fbfa068857bd is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at Tenable (241018). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
- 4.9.310
- 4.14.275
- 4.19.237
- 5.4.188
- 5.10.110
- 5.15.0
- 5.15.1
- 5.15.2
- 5.15.3
- 5.15.4
- 5.15.5
- 5.15.6
- 5.15.7
- 5.15.8
- 5.15.9
- 5.15.10
- 5.15.11
- 5.15.12
- 5.15.13
- 5.15.14
- 5.15.15
- 5.15.16
- 5.15.17
- 5.15.18
- 5.15.19
- 5.15.20
- 5.15.21
- 5.15.22
- 5.15.23
- 5.15.24
- 5.15.25
- 5.15.26
- 5.15.27
- 5.15.28
- 5.15.29
- 5.15.30
- 5.15.31
- 5.15.32
- 5.15.33
- 5.16.0
- 5.16.1
- 5.16.2
- 5.16.3
- 5.16.4
- 5.16.5
- 5.16.6
- 5.16.7
- 5.16.8
- 5.16.9
- 5.16.10
- 5.16.11
- 5.16.12
- 5.16.13
- 5.16.14
- 5.16.15
- 5.16.16
- 5.16.17
- 5.16.18
- 5.16.19
- 5.17.0
- 5.17.1
- 5.17.2
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.5VulDB Meta Temp Score: 4.4
VulDB Base Score: 3.5
VulDB Temp Score: 3.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Debug log fileCWE: CWE-534 / CWE-532 / CWE-200
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 241018
Nessus Name: EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1704)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 4.9.311/4.14.276/4.19.238/5.4.189/5.10.111/5.15.34/5.16.20/5.17.3
Patch: 93e3d88321d2274fa4e26b006e19cc10fec331c2/7deaddb704713608e0ae559e27185581b9af71a0/0f3d824bd70a1303464d5e93ee3e7afe7832fe89/3504b0a177208eda85bf472bbf7c9aa77d2b8343/c69b442125bf009fce26e15aa5616caf8a3673c3/44c2d5fbe7b2bd1f8cb114d608a591a73a5d4ae6/3fd5dee7404ce40c79cba468bb2510115639d975/71612aee09ecea3475f8751dc841d75a011b1fd0/fefb8a2a941338d871e2d83fbd65fbfa068857bd
Timeline
02/26/2025 🔍02/26/2025 🔍
02/26/2025 🔍
10/15/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2022-49100 (🔍)
GCVE (CVE): GCVE-0-2022-49100
GCVE (VulDB): GCVE-100-297377
Entry
Created: 02/26/2025 11:24Updated: 10/15/2025 05:42
Changes: 02/26/2025 11:24 (58), 07/01/2025 15:19 (2), 10/15/2025 05:42 (12)
Complete: 🔍
Committer: sany
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.