CVE-2022-0646

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's MCTP subsystem that occurs when cancel_work_sync is triggered after unregister_netdev during device removal. A local attacker could exploit this to crash the system or potentially escalate privileges. It affects Linux kernels from version 5.17-rc1 through 5.17-rc5.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: 5.17-rc1 through 5.17-rc5
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MCTP subsystem enabled, but this is part of standard kernel builds in affected versions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, complete system compromise, or kernel panic causing system crash.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access on affected systems.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and kernel modules are properly sandboxed.

🌐 Internet-Facing: LOW - This requires local access to exploit, not remotely exploitable.
🏢 Internal Only: HIGH - Local attackers on affected systems can potentially gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.17-rc6 and later

Vendor Advisory: https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.17-rc6 or later.
2. Reboot the system to load the patched kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable MCTP subsystem

Remove or disable the MCTP kernel module if not required

modprobe -r mctp
echo 'blacklist mctp' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with affected kernels
  • Implement strict privilege separation and limit sudo/root access

🔍 How to Verify

Check if Vulnerable:

Run uname -r and check whether the reported kernel version falls between 5.17-rc1 and 5.17-rc5.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.17-rc6 or later after update and reboot
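
The version check above as a script, added here as an example (it is not part of the advisory or of the kernel project). The function names, output words and sample release strings are constructed for illustration, and the CONFIG_MCTP lookup assumes a plain-text kernel config at /boot/config-<release>.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the range listed
# on this page (5.17-rc1 through 5.17-rc5). Function names are illustrative.
# Caveat: only the version string is read; a vendor kernel or a git build
# between rc tags can carry or lack the fix regardless of its name.
kernel_rc_status() {
    _rel=$1
    case $_rel in
        5.17|5.17.0|5.17[-+]*|5.17.0[-+]*) ;;      # 5.17 pre-release or final
        *) echo not-affected; return 0 ;;          # any other series
    esac
    # Last "rcN" token after a '-' or '.', e.g. 5.17.0-rc3, 5.17.0-rc3+,
    # or a constructed distro-style string such as 5.17.0-0.rc3.89.fc37.x86_64
    _rc=$(printf '%s\n' "$_rel" |
          sed -n 's/^.*[-.]rc\([0-9][0-9]*\).*/\1/p')
    if [ -n "$_rc" ] && [ "$_rc" -ge 1 ] && [ "$_rc" -le 5 ]; then
        echo affected
    else
        echo not-affected                          # rc6 and later, or 5.17 final
    fi
}

# Report whether a plain-text kernel config enables MCTP (CONFIG_MCTP=y or =m).
# Prints yes, no, or unknown when the file cannot be read.
mctp_enabled_in_config() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -Eq '^CONFIG_MCTP=[ym]$' "$1"; then echo yes; else echo no; fi
}

# Check the running system.
running=$(uname -r)
echo "kernel $running: $(kernel_rc_status "$running")"
echo "MCTP enabled: $(mctp_enabled_in_config "/boot/config-$running")"
```

A result of "unknown" for MCTP means the config file was not found at that path; some systems expose the config elsewhere.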

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer activity
  • Unexpected privilege escalation in audit logs

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault")
