CVE-2022-48651
📋 TL;DR
A kernel memory corruption vulnerability in the Linux ipvlan driver allows local attackers to trigger out-of-bounds memory access, potentially leading to system crashes or privilege escalation. This affects systems using ipvlan network interfaces with AF_PACKET sockets configured to bypass the network queueing discipline.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation if memory corruption can be controlled to execute arbitrary code.
Likely Case
System crash or kernel panic causing denial of service on affected systems.
If Mitigated
No impact if ipvlan is not used or PACKET_QDISC_BYPASS is not enabled on AF_PACKET sockets.
🎯 Exploit Status
Requires local access and ability to create AF_PACKET sockets with specific socket options. Exploit would need to control memory corruption for privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 25efdbe5fe542c3063d1948cc4e98abcb57621ca or later
Vendor Advisory: https://git.kernel.org/stable/c/25efdbe5fe542c3063d1948cc4e98abcb57621ca
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commit.
2. Check distribution security advisories for specific patched versions.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ipvlan usage
Remove or disable ipvlan network interfaces if not required
ip link delete <ipvlan_interface>
modprobe -r ipvlan
Restrict AF_PACKET socket creation
Limit CAP_NET_RAW capability to prevent unprivileged users from creating raw sockets
setcap -r /bin/ping
sysctl -w net.core.bpf_jit_enable=0
🧯 If You Can't Patch
- Disable ipvlan kernel module loading: add 'blacklist ipvlan' to /etc/modprobe.d/
- Implement strict capability management to prevent unprivileged users from obtaining CAP_NET_RAW
🔍 How to Verify
Check if Vulnerable:
Check whether the ipvlan module is loaded (lsmod | grep ipvlan) and check the kernel version against patched versions
Check Version:
uname -r
Verify Fix Applied:
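Verify kernel version includes fix commit: grep -q '25efdbe5fe542c3063d1948cc4e98abcb57621ca' /proc/version_signature || uname -r
Note that /proc/version_signature exists only on Ubuntu kernels and contains a version string rather than commit hashes, so in practice compare the uname -r output with the fixed version in your distribution's advisory.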
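The module check above and the modprobe.d mitigation can be combined into one audit. This shell function is an added example, not part of the original advisory; the function name, status labels and default directories are assumptions, and a LOADED result still has to be compared against the distribution's patched kernel version.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a host's ipvlan state.
# Both paths are parameters so a collected copy of a host's files can be
# audited offline; the defaults point at the live system.

ipvlan_exposure() {
    modules_file=${1:-/proc/modules}   # the data lsmod formats
    conf_dirs=${2:-"/etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d"}

    loaded=no
    grep -Eqs '^ipvlan ' "$modules_file" && loaded=yes

    # "blacklist ipvlan" only stops alias-based autoloading; an explicit
    # "modprobe ipvlan" still works. "install ipvlan <cmd>" replaces the
    # load with <cmd> and covers both paths.
    block=none
    for d in $conf_dirs; do
        [ -d "$d" ] || continue
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            if grep -Eq '^[[:space:]]*install[[:space:]]+ipvlan[[:space:]]' "$f"; then
                block=install-override
            elif [ "$block" = none ] &&
                 grep -Eq '^[[:space:]]*blacklist[[:space:]]+ipvlan[[:space:]]*$' "$f"; then
                block=blacklist-only
            fi
        done
    done

    if [ "$loaded" = yes ]; then
        echo "LOADED loaded=yes block=$block"
    elif [ "$block" = none ]; then
        echo "LOADABLE loaded=no block=none"
    else
        echo "BLOCKED loaded=no block=$block"
    fi
}

# Report for the machine this runs on.
ipvlan_exposure
```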
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of slab-out-of-bounds in ipvlan_xmit_mode_l2
- System crashes with ipvlan-related stack traces
Network Indicators:
- Unexpected traffic from ipvlan interfaces
- AF_PACKET socket creation with PACKET_QDISC_BYPASS option
SIEM Query:
(process_name:raw_send AND module:ipvlan) OR (event_type:kernel_panic AND component:ipvlan)
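The log indicators listed above can be matched directly against kernel log text. This shell function is an added example, not part of the original advisory; the log excerpt is constructed, and the crash-header patterns, output tags and 30-line trace window are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): scan kernel log text on stdin.
# On a live host:  journalctl -k --no-pager | scan_ipvlan_indicators
#             or:  dmesg | scan_ipvlan_indicators

scan_ipvlan_indicators() {
    # Prints one "TAG<TAB>line-number<TAB>text" record per finding.
    awk -v window=30 '
    # Indicator: the KASAN report named in the advisory.
    /BUG: KASAN: slab-out-of-bounds in ipvlan_xmit_mode_l2/ {
        printf "KASAN_IPVLAN_OOB\t%d\t%s\n", NR, $0
        next
    }
    # Indicator: a crash header. Remember it, then watch the lines that
    # follow (the stack trace) for ipvlan symbols.
    /Kernel panic - not syncing|BUG: unable to handle|general protection fault|Oops:/ {
        crash_line = NR; crash_text = $0; next
    }
    crash_line && NR - crash_line <= window && /ipvlan_[a-z0-9_]+/ {
        printf "CRASH_IPVLAN_TRACE\t%d\t%s\n", crash_line, crash_text
        crash_line = 0
    }
    '
}

sample_log() {
    # Constructed kernel log excerpt (not taken from a real host).
    cat <<'EOF'
[  101.000001] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  245.310442] BUG: KASAN: slab-out-of-bounds in ipvlan_xmit_mode_l2+0x1a2/0x5f0
[  245.310450] Read of size 4 at addr ffff888000000000 by task example/4242
[  245.310461] Call Trace:
[  245.310470]  ipvlan_queue_xmit+0x4c/0x90
[  245.310481]  packet_sendmsg+0x21f0/0x5a00
[  512.000100] general protection fault, probably for non-canonical address
[  512.000120] Call Trace:
[  512.000131]  ipvlan_start_xmit+0x45/0x160
[  900.500000] Kernel panic - not syncing: hung_task: blocked tasks
[  900.500010]  schedule+0x5a/0xd0
EOF
}

# Demo: two findings; the final panic has no ipvlan frames and is ignored.
sample_log | scan_ipvlan_indicators
```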
🔗 References
- https://git.kernel.org/stable/c/25efdbe5fe542c3063d1948cc4e98abcb57621ca
- https://git.kernel.org/stable/c/346e94aa4a99378592c46d6a34c72703a32bd5be
- https://git.kernel.org/stable/c/81225b2ea161af48e093f58e8dfee6d705b16af4
- https://git.kernel.org/stable/c/8d06006c7eb75587d986da46c48ba9274f94e8e7
- https://git.kernel.org/stable/c/ab4a733874ead120691e8038272d22f8444d3638
- https://git.kernel.org/stable/c/b583e6b25bf9321c91154f6c78d2173ef12c4241
- https://git.kernel.org/stable/c/bffcdade259c05ab3436b5fab711612093c275ef
- https://git.kernel.org/stable/c/e2b46cd5796f083e452fbc624f65b80328b0c1a4