CVE-2022-49259: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49259 addresses a vulnerability in the Linux kernel related to the improper deletion order of queue kobjects. The issue was discovered when child kobjects were being deleted after their parent kobjects, which violates the proper kobject deletion hierarchy (Kernel Git).

The vulnerability occurs in the block subsystem where queue kobjects are deleted before their children kobjects. While this is usually benign, it triggers a warning when a child kobject has a named attribute group. The issue manifests in the blkunregisterqueue function where kobjectdel() was called at the wrong time in the deletion sequence. The problem was introduced by commit 2c2086afc2b8 which modified the protection of code with sysfslock in blk{un,}registerqueue() (Kernel Git).

When triggered, the vulnerability causes a warning message in the system log: 'sysfs group 'modes' not found for kobject 'crypto''. This occurs specifically when one of the child kobjects has a named attribute group. The impact appears to be primarily related to system logging and potential system state inconsistencies (Kernel Git).

The issue was fixed by moving the kobjectdel() and the corresponding kobjectuevent() calls to the correct place in the code sequence, ensuring that child kobjects are properly deleted before their parents. The fix was implemented through patches in various kernel versions (Kernel Git).