GHSA-H5QQ-53RF-VMJC
Vulnerability from github – Published: 2025-10-14 21:30 – Updated: 2025-10-14 21:30In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix potential crash on module unload
The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as module, it is required that the driver handles both registering and unregistering such panic notifier callback.
After commit 74347a99e73a ("x86/Hyper-V: Unload vmbus channel in hv panic callback") though, the panic notifier registration is done unconditionally in the module initialization routine whereas the unregistering procedure is conditionally guarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability is set.
This patch fixes that by unconditionally unregistering the panic notifier in the module's exit routine as well.
{
"affected": [],
"aliases": [
"CVE-2022-49098"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Fix potential crash on module unload\n\nThe vmbus driver relies on the panic notifier infrastructure to perform\nsome operations when a panic event is detected. Since vmbus can be built\nas module, it is required that the driver handles both registering and\nunregistering such panic notifier callback.\n\nAfter commit 74347a99e73a (\"x86/Hyper-V: Unload vmbus channel in hv panic callback\")\nthough, the panic notifier registration is done unconditionally in the module\ninitialization routine whereas the unregistering procedure is conditionally\nguarded and executes only if HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE capability\nis set.\n\nThis patch fixes that by unconditionally unregistering the panic notifier\nin the module\u0027s exit routine as well.",
"id": "GHSA-h5qq-53rf-vmjc",
"modified": "2025-10-14T21:30:25Z",
"published": "2025-10-14T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49098"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2133c422a103cf7c7768c37b9ac382e73b691892"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d0078f8bddd58d9bb1ad40bbe929f8633abb276"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ea98d0f5f035c1bcf1517ccec0e024ae35a48b2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b4c0149a56147b29169e07000d566162892722a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/792f232d57ff28bbd5f9c4abe0466b23d5879dc8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf580d2e3884dbafd6b90269b03a24d661578624"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dcd6b1a624c0ffa21034d8b1e02e9d068458f596"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.