CVE-2022-48692
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's SRP (SCSI RDMA Protocol) driver allows local attackers to cause a kernel panic and system crash. This affects systems using the ib_srp module for RDMA storage connectivity. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash requiring reboot, causing temporary service unavailability.
If Mitigated
Minimal impact if systems have redundancy and automated recovery mechanisms.
🎯 Exploit Status
Requires local access and ability to trigger specific SCSI RDMA operations. The vulnerability was discovered through blktests srp/007 test case.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 12f35199a2c0551187edbf8eb01379f0598659fa or later
Vendor Advisory: https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the fix commit. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Unload ib_srp module
linuxDisable the vulnerable SRP RDMA driver if not needed
modprobe -r ib_srp
Blacklist ib_srp module
linuxPrevent ib_srp module from loading at boot
echo 'blacklist ib_srp' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local access to systems using ib_srp module
- Implement monitoring for kernel panics and system crashes
🔍 How to Verify
Check if Vulnerable:
Check if ib_srp module is loaded: lsmod | grep ib_srp AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commit and ib_srp module functions normally📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in dmesg
- System crash/reboot events
Network Indicators:
- Unusual RDMA storage connection failures
SIEM Query:
Search for 'kernel: BUG:' or 'kernel: Oops:' in system logs🔗 References
- https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa
- https://git.kernel.org/stable/c/a8edd49c94b4b08019ed7d6dd794fca8078a4deb
- https://git.kernel.org/stable/c/f022576aa03c2385ea7f2b27ee5b331e43abf624
- https://git.kernel.org/stable/c/f2c70f56f762e5dc3b0d7dc438fbb137cb116413
- https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa
- https://git.kernel.org/stable/c/a8edd49c94b4b08019ed7d6dd794fca8078a4deb
- https://git.kernel.org/stable/c/f022576aa03c2385ea7f2b27ee5b331e43abf624
- https://git.kernel.org/stable/c/f2c70f56f762e5dc3b0d7dc438fbb137cb116413
