CVE-2022-48747
📋 TL;DR
A vulnerability in the Linux kernel's bio_truncate() function could allow reading uninitialized data from block devices. This occurs when both a corrupted filesystem and userspace processes attempt to read the last block of a block device simultaneously. Systems running affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of kernel memory contents, potentially exposing sensitive data or cryptographic keys.
Likely Case
Reading of random uninitialized memory data, causing application instability or crashes.
If Mitigated
Minimal impact if systems are patched or don't have corrupted filesystems accessing block devices.
🎯 Exploit Status
Exploitation requires specific conditions: corrupted filesystem and concurrent block device access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict block device access
linuxLimit userspace access to block devices to reduce attack surface
chmod 600 /dev/sd*
setfacl -m u:root:rw /dev/sd*
🧯 If You Can't Patch
- Monitor for filesystem corruption and repair immediately
- Implement strict access controls on block device files
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from distribution vendorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Filesystem corruption warnings in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("oops" OR "BUG" OR "filesystem corruption")🔗 References
- https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
- https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
- https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
- https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
- https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b
- https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3
- https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8
- https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae
- https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82
- https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b
