LiveActive security incident?Get immediate response
CVE Record

CVE-2022-49751: w1: fix WARNING after calling w1_process()

In the Linux kernel, the following vulnerability has been resolved: w1: fix WARNING after calling w1_process() I got the following WARNING message while removing driver(ds2482): ------------[ cut here ]------------ do not call blocking ops when !TASK_RUNNING; state=1 set at [<000000002d50bfb6>] w1_process+0x9e/0x1d0 [wire] WARNING: CPU: 0 PID: 262 at kernel/sched/core.c:9817 __might_sleep+0x98/0xa0 CPU: 0 PID: 262 Comm: w1_bus_master1 Tainted: G N 6.1.0-rc3+ #307 RIP: 0010:__might_sleep+0x98/0xa0 Call Trace: exit_signals+0x6c/0x550 do_exit+0x2b4/0x17e0 kthread_exit+0x52/0x60 kthread+0x16d/0x1e0 ret_from_fork+0x1f/0x30 The state of task is set to TASK_INTERRUPTIBLE in loop in w1_process(), set it to TASK_RUNNING when it breaks out of the loop to avoid the warning.

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-49751 is a Linux kernel availability issue in the w1 1-Wire subsystem. The reported failure is a kernel warning during driver removal after w1_process() leaves task state inconsistent. It requires local privileges and has no cited active exploitation.

Executive priority

Handle through normal kernel patch governance, with higher priority for Linux systems that use 1-Wire hardware or removable w1 drivers. It is not currently supported as internet-exploited or remotely reachable in the supplied evidence.

Technical view

The flaw involves w1_process() setting TASK_INTERRUPTIBLE inside its loop and not restoring TASK_RUNNING after leaving the loop. During ds2482 driver removal, later blocking operations can trigger a scheduler warning. CVSS is 5.5 with local attack vector, low privileges, no user interaction, and high availability impact.

Likely exposure

Exposure appears limited to Linux systems with affected kernel versions and relevant w1/1-Wire driver use, including ds2482-related paths. The source bundle lists Linux as the affected product and includes multiple stable kernel references, but does not provide deployment prevalence.

Exploitation context

The bundle marks KEV as false and provides no source claiming active exploitation. The CVSS vector indicates local, low-privilege conditions with availability impact only. No remote attack path or confidentiality/integrity impact is supported by the supplied sources.

Researcher notes

The key behavior is task-state cleanup in w1_process(), not an application-layer flaw. The public data is sparse: it names the warning, CVSS vector, affected Linux product, and stable commits, but does not include a proof of exploitation or detailed operational mitigations.

Mitigation direction

  • Review vendor or distribution kernel advisories for CVE-2022-49751 applicability.
  • Update to a kernel containing the referenced stable w1 fix.
  • Prioritize systems using w1, 1-Wire, or ds2482-related drivers.
  • Where updates are delayed, review whether affected w1 drivers are required.

Validation and detection

  • Inventory Linux kernel versions across managed systems.
  • Check whether w1, wire, or ds2482 drivers are present or loaded.
  • Compare kernel builds against the referenced stable commits or vendor backports.
  • Monitor kernel logs for related w1_process or scheduler warnings.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-49751 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
1ADP providers
8Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H1.83.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

5.5Medium
CVSS 3.1 vector shape for CVE-2022-49751Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227e, 3c52e4e627896b42152cc6ff98216c302932227eunaffected
LinuxLinux2.6.28, 0, 4.14.305, 4.19.272, 5.4.231, 5.10.166, 5.15.91, 6.1.9, 6.2affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.