CVE-2022-0995

CVSS Score: 7.8 HIGH

📋 TL;DR

CVE-2022-0995 is an out-of-bounds write vulnerability in the Linux kernel's watch_queue subsystem that allows a local attacker to overwrite kernel memory. This can lead to privilege escalation or denial of service. Any Linux system with the affected kernel versions is vulnerable.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Linux kernel versions from 5.8 to 5.17 (specifically vulnerable in 5.16.12 and 5.17-rc1)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: The watch_queue feature must be enabled (CONFIG_WATCH_QUEUE=y), which is default in many distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, complete system compromise, or kernel panic causing system crash.

🟠

Likely Case

Local privilege escalation allowing attackers to gain root access on vulnerable systems.

🟢

If Mitigated

Limited impact if proper access controls restrict local user accounts and kernel protections are enabled.

🌐 Internet-Facing: LOW - This requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: HIGH - Any local user account (including compromised ones) can potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit code is publicly available, but requires local access and some technical knowledge to execute successfully.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.17-rc2 and later, backported to stable kernels

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2063786

Restart Required: Yes

Instructions:

1. Update the kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable watch_queue module (platform: linux)

Remove or disable the watch_queue kernel module if not needed:

    echo 'blacklist watch_queue' >> /etc/modprobe.d/blacklist.conf
    rmmod watch_queue

Restrict local user access (platform: all)

Limit local user accounts and implement strict access controls.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Enable kernel hardening features like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare with affected versions (5.8 to 5.17)

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.17-rc2 or later, or check with distribution-specific security updates
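The verification steps above boil down to two checks: is the running kernel's major.minor inside the window this page lists (5.8 to 5.17), and was it built with CONFIG_WATCH_QUEUE=y, which the Affected Systems note says is required. The POSIX shell script below is an added example, not part of the original advisory or of any kernel tooling; it assumes the kernel config is exposed at /proc/config.gz or /boot/config-<release>, and it deliberately reports a version inside the window as "needs confirmation" rather than "vulnerable", because distributions backport the fix without changing the major.minor reported by uname -r.

```shell
#!/bin/sh
# Added example (not from the original advisory): classify a `uname -r` string
# against the affected window this page lists (5.8 to 5.17) and check whether
# the running kernel was built with CONFIG_WATCH_QUEUE=y.
# Assumption: the kernel config is readable at /proc/config.gz or
# /boot/config-<release>; a path can also be passed in explicitly for testing.

# Return 0 if "$1" (a release string such as 5.16.12-arch1-1 or 5.17.0-rc1)
# has a major.minor inside the advisory's affected window, 1 otherwise.
kernel_in_affected_range() {
    rel="$1"
    major=$(printf '%s' "$rel" | cut -d. -f1)
    # Second dotted field with any non-numeric suffix (e.g. "-rc1") stripped.
    minor=$(printf '%s' "$rel" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    # Non-numeric or incomplete input is treated as "not in range".
    case "$major$minor" in *[!0-9]*|'') return 1 ;; esac
    [ -n "$major" ] && [ -n "$minor" ] &&
        [ "$major" -eq 5 ] && [ "$minor" -ge 8 ] && [ "$minor" -le 17 ]
}

# Return 0 if the kernel config has CONFIG_WATCH_QUEUE=y, 1 if it is set
# to anything else, 2 if no config file could be found.
# $1 optionally overrides the config file path (used for testing).
watch_queue_enabled() {
    cfg="${1:-}"
    if [ -n "$cfg" ]; then
        grep -q '^CONFIG_WATCH_QUEUE=y$' "$cfg"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz | grep -q '^CONFIG_WATCH_QUEUE=y$'
    elif [ -r "/boot/config-$(uname -r)" ]; then
        grep -q '^CONFIG_WATCH_QUEUE=y$' "/boot/config-$(uname -r)"
    else
        return 2
    fi
}

# Print a one-line assessment for the release string in $1 (defaults to uname -r).
assess() {
    rel="${1:-$(uname -r)}"
    if kernel_in_affected_range "$rel"; then
        echo "$rel: major.minor inside the advisory window (5.8 to 5.17);" \
             "confirm against your distribution's security advisory, since" \
             "backported fixes keep the same major.minor"
    else
        echo "$rel: major.minor outside the advisory window"
    fi
    if watch_queue_enabled; then
        echo "CONFIG_WATCH_QUEUE=y: the affected subsystem is compiled in"
    elif [ $? -eq 2 ]; then
        echo "kernel config not found; cannot tell whether watch_queue is built in"
    else
        echo "CONFIG_WATCH_QUEUE is not set: the affected subsystem is absent"
    fi
}

assess "$@"
```

Run it with no arguments to assess the running kernel, or pass a release string (for example one collected from a fleet inventory) to classify it offline. The config check matters because the page's Notes say the feature is a compile-time option (CONFIG_WATCH_QUEUE=y); a kernel built without it does not contain the affected code at all.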

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Watch queue related errors in dmesg
  • Unusual privilege escalation attempts

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

Search for kernel version strings in system logs and correlate with exploit attempts
