CVE-2022-1353
📋 TL;DR
A local privilege escalation vulnerability in the Linux kernel's pfkey_register function allows unprivileged local users to access kernel memory. This can lead to system crashes or information disclosure. Only systems running vulnerable Linux kernel versions are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via kernel memory corruption leading to root access, system crash, or sensitive kernel data exposure.
Likely Case
Local denial of service (system crash) or limited kernel memory information leakage by a local user.
If Mitigated
Minimal impact if proper access controls prevent local user accounts or if kernel hardening is in place.
🎯 Exploit Status
Exploit requires local user access. Proof-of-concept code exists in public bug reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.17-rc1 and later, or backported patches for stable kernels
Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2066819
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.17-rc1 or later.
2. For older kernels, apply backported patch from vendor.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable NET_KEY module
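Linux: prevents loading of the vulnerable kernel module (af_key, which registers address family 15, PF_KEY). Applies only when NET_KEY is built as a module.
echo 'install net-pf-15 /bin/true' >> /etc/modprobe.d/disable-netkey.conf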
rmmod af_key
Restrict local user access
All platforms: limit who can log into affected systems
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local user accounts
- Monitor system logs for crash events or unusual kernel activity
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If before 5.17-rc1, check if CONFIG_NET_KEY=y in /boot/config-$(uname -r)
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is 5.17-rc1 or later, or check if patch is applied via vendor-specific commands
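The checks above as a script, going one step further by distinguishing a built-in NET_KEY from a loadable or already loaded af_key module. This is an added example, not part of the original advisory; the function names and verdict strings are assumptions.

```shell
#!/bin/sh
# Added example for CVE-2022-1353 triage; names and verdicts are assumptions.
# A distro kernel older than 5.17 may already carry a backported fix, so an
# "exposed-*" verdict means "confirm the patch level with the vendor".

# Exit 0 if RELEASE predates 5.17, 1 if not, 2 if it cannot be parsed.
version_before_fix() {
    rel=${1%%-*}                       # "5.10.0-13-amd64" -> "5.10.0"
    major=${rel%%.*}; rest=${rel#*.}; minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 17 ]; }
}

# Print builtin | module | disabled | unknown for a kernel config file.
netkey_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(grep '^CONFIG_NET_KEY=' "$1" || true)" in
        CONFIG_NET_KEY=y) echo builtin ;;
        CONFIG_NET_KEY=m) echo module ;;
        *) echo disabled ;;
    esac
}

# assess RELEASE CONFIG_FILE MODULES_FILE: combine the checks into one verdict.
assess() {
    rc=0; version_before_fix "$1" || rc=$?
    if [ "$rc" -eq 1 ]; then echo fixed-by-version; return 0; fi
    # rc=2 (unparsable release) falls through to the config check on purpose.
    case "$(netkey_state "$2")" in
        disabled) echo not-exposed ;;
        builtin)  echo exposed-builtin ;;    # module blacklisting cannot help
        module)   if grep -q '^af_key ' "$3" 2>/dev/null
                  then echo exposed-loaded   # module is resident right now
                  else echo exposed-loadable # loadable on demand
                  fi ;;
        *)        echo unknown-config ;;
    esac
}

# Query the live system only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    assess "$(uname -r)" "/boot/config-$(uname -r)" /proc/modules
fi
```
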
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash dumps
- Unexpected system reboots
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "general protection fault")
🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=2066819
- https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://security.netapp.com/advisory/ntap-20220629-0001/
- https://www.debian.org/security/2022/dsa-5127
- https://www.debian.org/security/2022/dsa-5173