Wiz
Vulnerability DatabaseCVE-2022-49028

CVE-2022-49028
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-49028 is a resource leak vulnerability in the Linux kernel's ixgbevf driver. The issue was discovered in the ixgbevf_init_module() function, which failed to destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed (Kernel Git).

Technical details

The vulnerability exists in the ixgbevf driver's initialization module where a workqueue resource leak occurs when the PCI driver registration fails. The issue stems from the ixgbevf_init_module() function not properly cleaning up resources by failing to call destroy_workqueue() in the error path. This is similar to a previous fix implemented for the u132_hcd_init function (Kernel Git).

Impact

The vulnerability results in a resource leak in the Linux kernel when the ixgbevf driver initialization fails. This could potentially lead to system resource exhaustion over time (CVE Mitre).

Mitigation and workarounds

The issue has been fixed by adding destroy_workqueue() in the fail path of ixgbevf_init_module(). The fix has been implemented in various Linux kernel versions, including Ubuntu 22.04 LTS (5.15.0-67.74), Ubuntu 20.04 LTS (5.15.0-1031.35~20.04.1), and other distributions (Ubuntu Security).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-71142N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-core
NoNoJan 14, 2026
CVE-2025-71137N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k
NoYesJan 14, 2026
CVE-2025-71135N/AN/A
  • Linux KernelLinux Kernel
  • rv
NoNoJan 14, 2026
CVE-2025-71134N/AN/A
  • Linux KernelLinux Kernel
  • kernel-zfcpdump
NoNoJan 14, 2026
CVE-2025-71133N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-debug
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo