CVE-2022-48695
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's mpt3sas SCSI driver that occurs during controller reset operations. Attackers with local access could potentially exploit this to cause denial of service, crash the system, or execute arbitrary code. Systems using Linux kernels with the vulnerable mpt3sas driver are affected.
💻 Affected Systems
- Linux kernel with mpt3sas driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service during SCSI controller reset operations.
If Mitigated
System remains stable if the vulnerability is not triggered during controller resets.
🎯 Exploit Status
Requires local access and ability to trigger SCSI controller reset. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable mpt3sas module
linuxPrevent loading of vulnerable driver if not needed
echo 'blacklist mpt3sas' >> /etc/modprobe.d/blacklist.conf
rmmod mpt3sas
Restrict SCSI controller reset operations
linuxLimit ability to trigger controller resets
chmod 600 /sys/class/scsi_host/*/reset
🧯 If You Can't Patch
- Restrict local access to systems using mpt3sas driver
- Implement strict access controls to prevent unauthorized users from triggering SCSI operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mpt3sas module is loaded: lsmod | grep mpt3sasCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check dmesg for absence of refcount warnings during controller operations📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'refcount_t: underflow; use-after-free' warnings
- System crashes during SCSI controller operations
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND "refcount_t: underflow" OR "use-after-free" AND "mpt3sas"🔗 References
- https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b
- https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5
- https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7
- https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16
- https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34
- https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82
- https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6
- https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057
- https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b
- https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5
- https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7
- https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16
- https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34
- https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82
- https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6
- https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057
