CVE-2022-48780 – A Linux kernel vulnerability in the SMC (Shared... (How to Fix)

Q: What is the severity of CVE-2022-48780?

CVE-2022-48780 has a CVSS score of 5.5 (MEDIUM). A Linux kernel vulnerability in the SMC (Shared Memory Communications) networking subsystem allows infinite recursion when fallback occurs multiple times, potentially causing kernel panic or denial of service. This affects Linux systems with SMC enabled, particularly those using IBM zSystems or Power servers where SMC is commonly utilized.

📋 TL;DR

A Linux kernel vulnerability in the SMC (Shared Memory Communications) networking subsystem allows infinite recursion when fallback occurs multiple times, potentially causing kernel panic or denial of service. This affects Linux systems with SMC enabled, particularly those using IBM zSystems or Power servers where SMC is commonly utilized.

💻 Affected Systems

Products:

Linux kernel

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if SMC (Shared Memory Communications) is enabled and used. Most standard Linux installations do not have SMC enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.

🟠

Likely Case

System instability, performance degradation, or service disruption when SMC fallback conditions are triggered repeatedly.

🟢

If Mitigated

Minimal impact if SMC is disabled or not in use; systems without SMC functionality remain unaffected.

🌐 Internet-Facing: LOW - Requires specific SMC networking conditions and local system access to trigger.

🏢 Internal Only: MEDIUM - Internal systems using SMC for high-performance networking could experience service disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires specific SMC fallback conditions and local system access. No known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 1de9770d121ee9294794cca0e0be8fbfa0134ee8, 7de7ba7a8bd4fde0141de8674c13514d0072f0e6, or f00b6c976ae0dfbd9b891175f713f59095d23842 applied

Vendor Advisory: https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable SMC module

linux

Prevent loading of SMC kernel module if not required

echo 'install smc /bin/false' >> /etc/modprobe.d/disable-smc.conf
rmmod smc

🧯 If You Can't Patch

Disable SMC functionality if not required for your workload
Implement network segmentation to limit SMC usage to trusted systems only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if SMC module is loaded: uname -r && lsmod | grep smc

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or check if SMC module functions without recursion issues

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
Stack overflow warnings in dmesg
SMC-related error messages

Network Indicators:

SMC connection failures
Unexpected fallback to TCP

SIEM Query:

source="kernel" AND ("panic" OR "stack overflow" OR "smc")

📊 Metadata

CVE ID: CVE-2022-48780

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-835

Published: July 16, 2024

Last Updated: October 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48780, you might also want to check these: