CVE-2022-29156
📋 TL;DR
CVE-2022-29156 is a double-free vulnerability in the Linux kernel's RDMA Transport (RTRS) client driver that could allow local attackers to cause a kernel panic or potentially execute arbitrary code. This affects Linux systems using the InfiniBand RDMA subsystem with RTRS enabled. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise and potential data exfiltration.
Likely Case
Kernel panic leading to denial of service (system crash) and disruption of services running on affected systems.
If Mitigated
Limited impact if proper access controls prevent local user access or if the RTRS module is not loaded.
🎯 Exploit Status
Requires local access and knowledge of how to trigger the specific code path. Double-free vulnerabilities can be challenging to weaponize for reliable code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.16.12 and later
Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
Restart Required: Yes
Instructions:
1. Update kernel to version 5.16.12 or later.
2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Unload RTRS client module
Prevent exploitation by unloading the vulnerable kernel module if it is not required
sudo rmmod rtrs_client
Blacklist RTRS module
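Prevent automatic loading of the vulnerable module. A blacklist entry stops alias-based autoloading only; the module can still be loaded explicitly by name.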
echo 'blacklist rtrs_client' | sudo tee /etc/modprobe.d/blacklist-rtrs.conf
🧯 If You Can't Patch
- Restrict local user access to systems using mandatory access controls (SELinux/AppArmor)
- Monitor for kernel panic events and investigate any unexpected system crashes
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the rtrs_client module is loaded: uname -r && lsmod | grep rtrs_client
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is 5.16.12 or later: uname -r
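The two checks above combined into one triage script, as an added example that is not part of the original advisory. The function names and verdict strings are chosen here, and the comparison uses only the 5.16.12 threshold given on this page, so a distribution kernel with a backported fix still needs checking against the vendor's advisory.

```sh
#!/bin/sh
# Added example: triage a host for CVE-2022-29156 using the two checks above.
# Assumption: 5.16.12 (the fixed version on this page) is the only threshold;
# a distribution kernel with a backported fix still reports "below".
FIXED="5.16.12"

# Succeeds when kernel release $1 is older than x.y.z version $2.
version_lt() {
    # Drop release suffixes such as "-generic" or "-rc1" before comparing.
    awk -v a="${1%%[!0-9.]*}" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Succeeds when module $1 is listed in the /proc/modules-format file $2.
# Matching the whole first field avoids substring hits that a plain grep gives.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Print one verdict for kernel release $1 and modules file $2.
triage() {
    if ! version_lt "$1" "$FIXED"; then
        echo "at-or-above-fixed-version"
    elif module_loaded rtrs_client "$2"; then
        echo "below-fixed-version-module-loaded"
    else
        echo "below-fixed-version-module-absent"
    fi
}

triage "$(uname -r)" /proc/modules
```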
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- System crash/reboot events without clear cause
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "double free")
🔗 References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
- https://github.com/torvalds/linux/commit/8700af2cc18c919b2a83e74e0479038fd113c15d
- https://security.netapp.com/advisory/ntap-20220602-0002/