CVE-2022-3424

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's SGI GRU driver (drivers/misc/sgi-gru) allows a local user to crash the system or potentially escalate privileges. Only systems on which the GRU driver is present are affected; the driver exists for SGI UV platforms and is reached through its character device, /dev/gru. An attacker needs local access to that device node; the flaw is not remotely exploitable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Mainline kernels without fix commit 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc (October 2022). Distribution kernels are fixed once the vendor backports the commit, which the version string from uname -r alone does not show.
Operating Systems: Linux distributions including Red Hat, Debian, Ubuntu, and others
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the SGI GRU driver is present (lsmod lists gru, or /sys/module/gru or /dev/gru exists). Standard Linux installations on non-UV hardware do not load this driver.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, allowing complete system compromise and potential lateral movement.

🟠

Likely Case

Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟢

If Mitigated

No impact if GRU driver is not loaded or access controls restrict local user privileges.

🌐 Internet-Facing: LOW - Requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local users could exploit this, but requires specific driver configuration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of driver interaction. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commit 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2132640

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a build containing fix commit 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc (or the distribution's backport of it).
2. For Red Hat and derivatives: apply the security update with yum update kernel (or dnf update kernel).
3. For Debian and Ubuntu: apply security updates with apt update && apt upgrade.
4. Reboot the system to load the patched kernel; the running kernel is not fixed until then.

🔧 Temporary Workarounds

Unload GRU driver module

Prevent exploitation by unloading the vulnerable driver module if it is not needed. This only works when GRU was built as a module (CONFIG_SGI_GRU=m) and no process still holds /dev/gru open; a built-in driver (CONFIG_SGI_GRU=y) cannot be unloaded and must be patched.

rmmod gru

Blacklist GRU driver

Prevent the GRU driver from loading at boot. A blacklist entry only stops automatic loading by hardware alias; an explicit modprobe gru (or a dependency) still loads it unless an install gru /bin/false rule is also present in /etc/modprobe.d.

echo 'blacklist gru' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Unload GRU driver module if not required for system functionality
  • Restrict local user access and implement principle of least privilege

🔍 How to Verify

Check if Vulnerable:

Check whether the GRU driver is present: lsmod | grep '^gru' shows it when loaded as a module, and /sys/module/gru or /dev/gru exists whether it was loaded as a module or built in (lsmod does not list built-in drivers). If the driver is present and the running kernel predates the fix, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

The kernel version string alone does not show whether the fix was backported. Compare the installed kernel package against the distribution's advisory for CVE-2022-3424 (for example rpm -q --changelog kernel | grep CVE-2022-3424 on Red Hat, or the linux-image changelog on Debian), and confirm that the GRU driver is either absent or the system is running the patched kernel.
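A scriptable version of these checks, added here as an example and not taken from the original page or the kernel project. It treats the kernel config file, sysfs root and device directory as parameters (live defaults /boot/config-$(uname -r), /sys and /dev) so the same functions can be run against a constructed test tree; the verdict strings and function names are this example's own.

```shell
#!/bin/sh
# Added example for this advisory, not code from the kernel project or the
# original page: decide whether a host is in scope for CVE-2022-3424.
# Signals checked:
#   1. <sysfs>/module/gru exists  -> driver active (module or built-in)
#   2. <devdir>/gru* exists       -> the GRU character device is registered
#   3. CONFIG_SGI_GRU in the kernel config (y = built-in, m = module)
# Paths are parameters so the checks can run against a live system or a
# test tree; the live defaults are /boot/config-$(uname -r), /sys and /dev.

# gru_config_state <kconfig-file>  -> prints builtin | module | absent | unknown
gru_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_SGI_GRU=y' "$cfg"; then
        echo builtin
    elif grep -q '^CONFIG_SGI_GRU=m' "$cfg"; then
        echo module
    else
        echo absent
    fi
}

# gru_loaded <sysfs-root>  -> success if the gru module directory exists
# (present for both a loaded module and a built-in driver, unlike lsmod)
gru_loaded() {
    [ -d "$1/module/gru" ]
}

# gru_dev_present <dev-dir>  -> success if a gru device node exists
gru_dev_present() {
    for node in "$1"/gru*; do
        [ -e "$node" ] && return 0
    done
    return 1
}

# gru_in_scope <kconfig-file> <sysfs-root> <dev-dir>
#   Prints a verdict and returns 0 when the host is currently exposed.
gru_in_scope() {
    state=$(gru_config_state "$1")
    if gru_loaded "$2" || gru_dev_present "$3"; then
        echo "EXPOSED: GRU driver active (CONFIG_SGI_GRU=$state); patch, or unload it if built as a module"
        return 0
    fi
    case "$state" in
        builtin) echo "EXPOSED: CONFIG_SGI_GRU=y, driver cannot be unloaded; patch required"; return 0 ;;
        module)  echo "LATENT: gru.ko available but not loaded; blacklist it and patch"; return 1 ;;
        absent)  echo "NOT AFFECTED: kernel built without CONFIG_SGI_GRU"; return 1 ;;
        *)       echo "UNKNOWN: kernel config not readable; check lsmod and /dev/gru manually"; return 1 ;;
    esac
}

# Run against the live system (the if-wrapper keeps a non-zero verdict from
# aborting a shell running with set -e).
if gru_in_scope "/boot/config-$(uname -r)" /sys /dev; then :; fi
```

A LATENT verdict still warrants patching: the module can be loaded later by any process with CAP_SYS_MODULE, which is why the blacklist workaround is paired with the kernel update rather than replacing it.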

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops or panic reports (BUG:, Oops:, general protection fault, Kernel panic) whose call trace contains gru_* frames tagged [gru]
  • Unexpected reboots or crash dumps on hosts that expose /dev/gru
  • GRU driver errors in the kernel log; match on gru_ or [gru] rather than the bare substring gru, which also matches unrelated words such as group

Network Indicators:

  • None - local exploit only

SIEM Query:

source='kernel' AND (message LIKE '%BUG:%' OR message LIKE '%Oops%' OR message LIKE '%general protection fault%' OR message LIKE '%Kernel panic%') AND message LIKE '%gru_%'

The query is pseudo-SQL; adapt the field names to your SIEM. Windows event IDs such as 41 (Kernel-Power) do not apply to a Linux kernel crash. Because the crash header and the call-trace frames are logged as separate lines, correlate by host and time window rather than expecting both patterns in a single message.
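As an added example (not part of the original page), the following scan applies the log indicators above to a saved kernel log (dmesg or journalctl -k output), grouping each crash report with its trace lines so that a gru_ frame is attributed to the right report. The sample log is constructed: gru_set_context_option and gru_file_unlocked_ioctl are real functions from drivers/misc/sgi-gru, while the addresses, timestamps and the second, unrelated report are made up.

```shell
#!/bin/sh
# Added example for this advisory, not code from the kernel project or the
# original page: find crash reports in a kernel log whose call trace runs
# through the SGI GRU driver. Input is dmesg or journalctl -k output saved to
# a file. The sample log below is constructed; the frame names are real GRU
# driver functions, the addresses and timestamps are made up.

# gru_crash_events <logfile>
#   Prints one line per oops/panic report that contains a gru_* frame and
#   returns 0 if at least one such report was found, 1 otherwise.
gru_crash_events() {
    awk '
        # Emit the pending report if it touched the GRU driver, then reset.
        function flush() {
            if (inreport && hit) { print "gru-related crash: " header; n++ }
            inreport = 0; hit = 0
        }
        # Each of these kernel messages opens a new crash report. The header
        # itself may already name the faulting gru_* function (KASAN does).
        /BUG: |Oops:|general protection fault|Kernel panic/ {
            flush(); inreport = 1; header = $0
            hit = ($0 ~ /gru_[a-z_]*[+]0x/); next
        }
        # Module frames are printed as func+0xoff/0xlen [gru].
        inreport && /gru_[a-z_]*[+]0x/ { hit = 1 }
        # The trace block ends with "---[ end trace ... ]---".
        inreport && /end trace/ { flush() }
        END { flush(); exit (n > 0 ? 0 : 1) }
    ' "$1"
}

# Constructed sample: one GRU-related use-after-free report followed by an
# unrelated page fault in the netfilter path that must not match.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[  120.001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  300.512] BUG: KASAN: use-after-free in gru_set_context_option+0x1a4/0x2c0 [gru]
[  300.513] Read of size 8 at addr ffff888012345678 by task poc/1234
[  300.514] Call Trace:
[  300.515]  gru_file_unlocked_ioctl+0x9c/0x1e0 [gru]
[  300.516]  __x64_sys_ioctl+0x8f/0xc0
[  300.517] ---[ end trace 0000000000000000 ]---
[  400.100] BUG: unable to handle page fault for address: ffffffffc0a0b0c0
[  400.101] Call Trace:
[  400.102]  nf_hook_slow+0x40/0xb0
[  400.103] ---[ end trace 0000000000000000 ]---
EOF

gru_crash_events "$SAMPLE_LOG" || echo "no GRU-related crash reports"
```

Matching on gru_ followed by an offset (+0x) rather than the bare substring gru is what keeps unrelated lines out; on a production host without KASAN the header will be a plain page-fault or general-protection message and only the trace frames identify the driver.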

🔗 References

📤 Share & Export