CVE-2022-48746
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's mlx5e network driver allows a local attacker to cause a kernel panic (system crash) by triggering a specific bond netevent sequence. This affects systems using Mellanox network adapters with bonding and VF representor configurations. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux kernel with mlx5_core driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, requiring physical or remote console access to reboot.
Likely Case
System crash when specific network bonding events occur with Mellanox VF representors, causing temporary service disruption.
If Mitigated
No impact if systems are patched or don't use affected Mellanox driver configurations.
🎯 Exploit Status
Exploitation requires local access and specific network configuration conditions. The crash details are public but no weaponized exploit has been confirmed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 4fad499d7fece448e7230d5e5b92f6d8a073e0bb, a01ee1b8165f4161459b5ec4e728bc7130fe8cd4, ec41332e02bd0acf1f24206867bb6a02f5877a62, fe70126da6063c29ca161cdec7ad1dae9af836b3
Vendor Advisory: https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories for backported patches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable bonding with VF representors
linuxAvoid using network bonding with Mellanox VF representor configurations until patched.
Disable mlx5e driver bonding events
linuxRemove or reconfigure bonding interfaces that use Mellanox adapters.
ip link set bond0 down
rmmod bonding
🧯 If You Can't Patch
- Restrict local access to systems with affected configurations
- Monitor for kernel panic events and implement high availability to minimize service disruption
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5_core module is loaded with bonding: lsmod | grep -E 'mlx5_core|bonding' && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security advisory. Test bonding with Mellanox interfaces.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning mlx5e_is_uplink_rep
- NULL pointer dereference at address 000000000000036c
- bond_mii_monitor workqueue crashes
Network Indicators:
- Sudden loss of network connectivity on bonded interfaces
- Mellanox interface errors
SIEM Query:
event_source="kernel" AND (message:"mlx5e_is_uplink_rep" OR message:"NULL pointer dereference" OR message:"bond_mii_monitor")🔗 References
- https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb
- https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4
- https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62
- https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3
- https://git.kernel.org/stable/c/4fad499d7fece448e7230d5e5b92f6d8a073e0bb
- https://git.kernel.org/stable/c/a01ee1b8165f4161459b5ec4e728bc7130fe8cd4
- https://git.kernel.org/stable/c/ec41332e02bd0acf1f24206867bb6a02f5877a62
- https://git.kernel.org/stable/c/fe70126da6063c29ca161cdec7ad1dae9af836b3
