{"id":"CVE-2022-49295","summary":"nbd: call genl_unregister_family() first in nbd_cleanup()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: call genl_unregister_family() first in nbd_cleanup()\n\nOtherwise there may be race between module removal and the handling of\nnetlink command, which can lead to the oops as shown below:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000098\n  Oops: 0002 [#1] SMP PTI\n  CPU: 1 PID: 31299 Comm: nbd-client Tainted: G            E     5.14.0-rc4\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n  RIP: 0010:down_write+0x1a/0x50\n  Call Trace:\n   start_creating+0x89/0x130\n   debugfs_create_dir+0x1b/0x130\n   nbd_start_device+0x13d/0x390 [nbd]\n   nbd_genl_connect+0x42f/0x748 [nbd]\n   genl_family_rcv_msg_doit.isra.0+0xec/0x150\n   genl_rcv_msg+0xe5/0x1e0\n   netlink_rcv_skb+0x55/0x100\n   genl_rcv+0x29/0x40\n   netlink_unicast+0x1a8/0x250\n   netlink_sendmsg+0x21b/0x430\n   ____sys_sendmsg+0x2a4/0x2d0\n   ___sys_sendmsg+0x81/0xc0\n   __sys_sendmsg+0x62/0xb0\n   __x64_sys_sendmsg+0x1f/0x30\n   do_syscall_64+0x3b/0xc0\n   entry_SYSCALL_64_after_hwframe+0x44/0xae\n  Modules linked in: nbd(E-)","modified":"2026-03-20T12:22:20.023767Z","published":"2025-02-26T02:01:25.659Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49295.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49295.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49295"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e46c7287b1c27683a8e30ca825fb98e2b97f1099"},{"fixed":"8a1435c862ea09b06be7acda325128dc08458e25"},{"fixed":"013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c"},{"fixed":"1be608e1ee1f222464b2856bda9b85ab5184a33e"},{"fixed":"c0868f6e728c3c28bef0e8bee89d2daf86a8bbca"},{"fixed":"cbeafa7a79d08ecdb55f8f1d41a11323d0f709db"},{"fixed":"6f505bbb8063fd3a238a4239d2d8c165e5279f6f"},{"fixed":"3d5da1ffba3388c2ae2e6c598855a4d887d3bf79"},{"fixed":"06c4da89c24e7023ea448cadf8e9daf06a0aae6e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49295.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}