CVE-2022-48751
📋 TL;DR
A race condition vulnerability in the Linux kernel's SMC (Shared Memory Communications) subsystem allows NULL pointer dereference when accessing a released socket. This can cause kernel crashes (denial of service) affecting systems using SMC protocol with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting critical network services.
Likely Case
System crash or instability when SMC socket operations occur during specific race conditions, causing service disruption.
If Mitigated
Minor performance impact from additional locking checks if patched, otherwise no impact if SMC not used.
🎯 Exploit Status
Requires race condition timing and SMC socket operations. Likely requires local access or specific network conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 38f0bdd548fd2ef5d481b88d8a2bfef968452e34 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable SMC protocol
linuxDisable Shared Memory Communications protocol if not required
echo 0 > /proc/sys/net/smc/smc_hs
sysctl -w net.smc.smc_hs=0
🧯 If You Can't Patch
- Disable SMC protocol system-wide using sysctl
- Restrict SMC usage to trusted applications only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if SMC is enabled: uname -r && sysctl net.smc.smc_hsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is after fixes and check dmesg for SMC-related crashes📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference messages in dmesg
- SMC-related crash logs
- System crash/panic events
Network Indicators:
- Unexpected SMC connection failures
- Network service disruptions
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "smc"🔗 References
- https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
- https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
- https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
- https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
- https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
- https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
