CVE-2022-1652

7.8 HIGH

📋 TL;DR

CVE-2022-1652 is a use-after-free vulnerability in the Linux kernel's floppy disk driver that allows local attackers to execute arbitrary code or cause denial of service. This affects Linux systems with the floppy driver loaded, though floppy hardware is rarely used today. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Linux kernel versions before 5.17.3
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the floppy driver (CONFIG_BLK_DEV_FD) is compiled into the kernel or loaded as a module. Most modern systems don't load the floppy driver by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level arbitrary code execution leading to complete control of the affected system.

🟠 Likely Case

Kernel panic or system crash causing denial of service, potentially requiring physical reboot.

🟢 If Mitigated

Minimal impact if floppy driver is not loaded or access controls prevent local user execution.

🌐 Internet-Facing: LOW - Requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers with user privileges could exploit, but floppy driver often not loaded.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and ability to execute code. Proof-of-concept code has been published demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.17.3 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1832397

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.17.3 or later.
2. For distributions with backported patches, apply security updates.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Unload floppy driver module

Remove the floppy driver from the running kernel if it is loaded as a module, and blacklist it:

rmmod floppy
echo 'blacklist floppy' > /etc/modprobe.d/blacklist-floppy.conf

Prevent floppy driver loading

Prevent the floppy driver from being loaded at boot:

echo 'install floppy /bin/false' > /etc/modprobe.d/disable-floppy.conf
update-initramfs -u

🧯 If You Can't Patch

  • Unload floppy driver module if present: rmmod floppy
  • Implement strict access controls to prevent local users from executing arbitrary code

🔍 How to Verify

Check if Vulnerable:

Check if floppy module is loaded: lsmod | grep floppy. Check kernel version: uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.17.3 or later: uname -r. Check if floppy module is not loaded: lsmod | grep -i floppy
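
The version and module checks above, combined into one triage script as an added example (not part of the original advisory). The function names, verdict words and the /boot/config-<release> path are assumptions; the script also covers a built-in driver, which lsmod does not list, and flags that a distro kernel below 5.17.3 may carry a backported fix.

```sh
#!/bin/sh
# Added example: triage for CVE-2022-1652 using the checks listed on this page.
FIXED="5.17.3"   # upstream fix version stated on the page

# version_lt A B: true when kernel release A is older than B.
# The distro suffix after the first '-' or '+' is ignored.
version_lt() {
    a=${1%%[-+]*}; b=${2%%[-+]*}
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0}
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -lt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -lt "$b2" ]; return; }
    [ "$a3" -lt "$b3" ]
}

# floppy_state LSMOD_TEXT CONFIG_TEXT: loaded | builtin | available | absent
floppy_state() {
    if printf '%s\n' "$1" | grep -q '^floppy[[:space:]]'; then echo loaded
    elif printf '%s\n' "$2" | grep -q '^CONFIG_BLK_DEV_FD=y'; then echo builtin
    elif printf '%s\n' "$2" | grep -q '^CONFIG_BLK_DEV_FD=m'; then echo available
    else echo absent; fi
}

# assess RELEASE LSMOD_TEXT CONFIG_TEXT
#   fixed    release is at or past the upstream fix
#   exposed  older release with the driver loaded or built in; a distro
#            kernel may still carry a backport, so confirm with the vendor
#   loadable older release, driver only available as an unloaded module
#   absent   older release, driver neither loaded nor configured
assess() {
    state=$(floppy_state "$2" "$3")
    if ! version_lt "$1" "$FIXED"; then echo fixed
    elif [ "$state" = loaded ] || [ "$state" = builtin ]; then echo exposed
    elif [ "$state" = available ]; then echo loadable
    else echo absent; fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
floppy                 90112  0'
SAMPLE_CONFIG='CONFIG_BLK_DEV_FD=m'
echo "sample 5.15.0-41-generic: $(assess 5.15.0-41-generic "$SAMPLE_LSMOD" "$SAMPLE_CONFIG")"

# Live host. /boot/config-<release> is an assumed, distro-dependent path.
cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null || true)
mods=$(lsmod 2>/dev/null || true)
echo "this host $(uname -r): $(assess "$(uname -r)" "$mods" "$cfg")"
```

A "loadable" verdict means the workarounds above still apply, since the module can be loaded later.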

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • OOM killer activity related to floppy
  • System crash/reboot logs

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("floppy" OR "bad_flp_intr") AND ("panic" OR "crash" OR "Oops")
