CVE-2022-48666

7.4 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's SCSI subsystem. When removing a SCSI host, the .exit_cmd_priv callback could access freed memory, potentially leading to system crashes or arbitrary code execution. Systems using SCSI storage with the ib_srp module are primarily affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SCSI subsystem usage, particularly with ib_srp module. Systems using SCSI over InfiniBand (SRP) are most directly affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠 Likely Case

System instability, crashes, or denial of service when SCSI hosts are removed during storage operations.

🟢 If Mitigated

Minor performance impact during SCSI host removal with proper synchronization.

🌐 Internet-Facing: LOW - This vulnerability requires local access or privileged execution context.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through compromised services with appropriate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific timing and SCSI host removal conditions

Exploitation requires triggering SCSI host removal while commands are pending, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 2e7eb4c1e8af8385de22775bd0be552f59b28c9a, 5ce8fad941233e81f2afb5b52a3fcddd3ba8732f, 8fe4ce5836e932f5766317cb651c1ff2a4cd0506, f818708eeeae793e12dc39f8984ed7732048a7d9

Vendor Advisory: https://git.kernel.org/stable/c/2e7eb4c1e8af8385de22775bd0be552f59b28c9a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Avoid SCSI host removal during active operations

Ensure SCSI hosts are not removed while storage operations are active

Disable ib_srp module if not needed

Prevent loading of the vulnerable ib_srp module

echo 'blacklist ib_srp' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with SCSI storage
  • Monitor for abnormal SCSI host removal events and system crashes

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the ib_srp module is loaded: lsmod | grep ib_srp

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or check with distribution-specific security updates

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN use-after-free reports in dmesg
  • SCSI error messages during host removal

SIEM Query:

Search for: 'KASAN: use-after-free' OR 'srp_exit_cmd_priv' OR 'scsi_remove_host' in kernel logs
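
The module check, the blacklist workaround and the log search above can be combined into one triage pass. This is an added example, not part of the advisory or of any kernel tooling: the function names and sample inputs are constructed for illustration. It also separates a `blacklist` entry, which only stops alias-based autoloading, from an `install` override that denies explicit loading as well.

```sh
#!/bin/sh
# Added example (not from the advisory): exposure triage for the ib_srp checks.
# Each function reads from a path argument, so it works on live files
# (/proc/modules, /etc/modprobe.d, a saved dmesg) or on captured copies.

# module_loaded FILE MODULE: true if MODULE is listed in /proc/modules-format FILE
module_loaded() {
    awk -v m="$2" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# block_status DIR MODULE: prints install-override, blacklist-only or none.
# "blacklist" only suppresses alias-based autoloading; an explicit
# "modprobe MODULE" still succeeds unless an install override denies it.
block_status() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$2" '
        /^[ \t]*#/ { next }
        $1 == "blacklist" && $2 == m { bl = 1 }
        $1 == "install" && $2 == m && $3 ~ /(^|\/)(false|true)$/ { inst = 1 }
        END { print (inst ? "install-override" : (bl ? "blacklist-only" : "none")) }'
}

# count_indicators FILE: kernel-log lines matching the page's SIEM terms
count_indicators() {
    grep -c -E 'KASAN: use-after-free|srp_exit_cmd_priv|scsi_remove_host' "$1" || true
}

# triage PROC_MODULES MODPROBE_DIR KERNEL_LOG: one-line summary for ib_srp
triage() {
    if module_loaded "$1" ib_srp; then l=yes; else l=no; fi
    echo "loaded=$l block=$(block_status "$2" ib_srp) indicators=$(count_indicators "$3")"
}

# Constructed sample inputs (not real captures)
demo=$(mktemp -d)
mkdir "$demo/modprobe.d"
printf '%s\n' \
  'ib_srp 73728 0 - Live 0x0000000000000000' \
  'scsi_transport_srp 28672 1 ib_srp, Live 0x0000000000000000' > "$demo/modules"
echo 'blacklist ib_srp' > "$demo/modprobe.d/blacklist.conf"
printf '%s\n' \
  '[  812.400] scsi host7: ib_srp: connection closed' \
  '[  812.913] BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp]' \
  '[  812.914]  scsi_remove_host+0x1e/0x120' > "$demo/dmesg.txt"
triage "$demo/modules" "$demo/modprobe.d" "$demo/dmesg.txt"
```

On a live host, call `triage /proc/modules /etc/modprobe.d <saved-dmesg-file>`; a `blacklist-only` result with `loaded=yes` means the entry was added after the module was already loaded and does not unload it.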
