CVE-2022-28893
📋 TL;DR
This vulnerability in the Linux kernel's SUNRPC subsystem allows a use-after-free condition when freeing transport structures before sockets are properly closed. Attackers could potentially exploit this to cause denial of service, execute arbitrary code, or escalate privileges. Systems running Linux kernel versions up to 5.17.2 with SUNRPC enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Solidfire \& Hci Management Node by Netapp
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or local privilege escalation allowing full system compromise
Likely Case
Kernel crash causing denial of service, potentially requiring system reboot
If Mitigated
Limited impact if SUNRPC is disabled or systems are properly segmented
🎯 Exploit Status
Exploitation requires triggering specific SUNRPC operations; no public exploits known as of analysis
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.17.3 and later
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.17.3 or later. 2. For distributions with backported patches, apply security updates from your vendor. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable SUNRPC if not needed
linuxPrevent exploitation by disabling SUNRPC subsystem if not required for system functionality
echo "install sunrpc /bin/true" >> /etc/modprobe.d/disable-sunrpc.conf
rmmod sunrpc
🧯 If You Can't Patch
- Restrict access to systems to trusted users only
- Implement strict network segmentation to limit potential attack surface
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare to affected range (≤5.17.2)Check Version:
uname -rVerify Fix Applied:
Verify kernel version is 5.17.3 or later, or check with distribution-specific security update verification📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash/reboot events
- SUNRPC-related error messages in dmesg
Network Indicators:
- Unusual SUNRPC/NFS traffic patterns
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND process="sunrpc"🔗 References
- http://www.openwall.com/lists/oss-security/2022/04/11/3
- http://www.openwall.com/lists/oss-security/2022/04/11/4
- http://www.openwall.com/lists/oss-security/2022/04/11/5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
- https://security.netapp.com/advisory/ntap-20220526-0002/
- https://www.debian.org/security/2022/dsa-5161
- http://www.openwall.com/lists/oss-security/2022/04/11/3
- http://www.openwall.com/lists/oss-security/2022/04/11/4
- http://www.openwall.com/lists/oss-security/2022/04/11/5
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a
- https://security.netapp.com/advisory/ntap-20220526-0002/
- https://www.debian.org/security/2022/dsa-5161
