CVE-2022-48846

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's block layer. When request queues are created without an associated disk (such as un-present SCSI LUNs or NVMe admin queues), the kernel fails to properly release rq qos structures, leading to gradual memory exhaustion. This affects Linux systems using specific storage configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions between v5.16 and v5.17 (specifically affected by commit 8e141f9eb803)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with specific storage configurations: un-present SCSI LUNs, NVMe admin queues, or other queues created without an associated disk.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠

Likely Case

Gradual memory leak over time leading to performance degradation and eventual system instability requiring reboots.

🟢

If Mitigated

Minimal impact with proper monitoring and regular system maintenance.

🌐 Internet-Facing: LOW - This vulnerability requires local access or specific storage configurations to trigger.
🏢 Internal Only: MEDIUM - Internal systems with affected storage configurations could experience stability issues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific storage configurations and local access. No known weaponized exploits in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel v5.18 and later, plus backports to stable branches

Vendor Advisory: https://git.kernel.org/stable/c/60c2c8e2ef3a3ec79de8cbc80a06ca0c21df8c29

Restart Required: Yes

Instructions:

1. Update Linux kernel to v5.18 or later.
2. For affected stable branches, apply the specific patch commit.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Avoid problematic storage configurations

Avoid using un-present SCSI LUNs or NVMe admin queues that trigger the memory leak

Regular system monitoring and reboots

Monitor kernel memory usage and schedule regular reboots to clear accumulated memory leaks

watch -n 60 'grep -E "MemTotal|MemFree|Slab" /proc/meminfo'

🧯 If You Can't Patch

  • Implement strict monitoring of kernel memory usage with alerts for abnormal patterns
  • Schedule regular system reboots to clear potential memory accumulation

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If between 5.16 and 5.17, check if using SCSI or NVMe storage without associated disks.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is v5.18 or later, or check that the specific patch commit is applied in your kernel build.
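
The shell helpers below are an added example, not part of the advisory or of the kernel project's code: they combine the version check above with the Slab monitoring suggested under the workarounds. The function names, the sample /proc/meminfo text and the 10000 kB threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2022-48846 (hypothetical names).

# in_listed_range RELEASE: succeeds if RELEASE is a 5.16.x or 5.17.x kernel,
# the range this page lists. Stable backports may already carry the fix, so a
# match means "confirm the patch is in this build", not "vulnerable".
in_listed_range() {
    case "$1" in
        5.16|5.16.*|5.17|5.17.*) return 0 ;;
        *) return 1 ;;
    esac
}

# slab_kb MEMINFO_TEXT: prints the value of the "Slab:" line in kB.
slab_kb() {
    printf '%s\n' "$1" | awk '$1 == "Slab:" { print $2; exit }'
}

# slab_growth_alert OLD_TEXT NEW_TEXT LIMIT_KB: compares two /proc/meminfo
# snapshots; prints ALERT and returns 1 if Slab grew by more than LIMIT_KB.
slab_growth_alert() {
    old=$(slab_kb "$1"); new=$(slab_kb "$2")
    [ -n "$old" ] && [ -n "$new" ] || { echo "ERROR no Slab field"; return 2; }
    delta=$((new - old))
    if [ "$delta" -gt "$3" ]; then
        echo "ALERT slab grew ${delta} kB"; return 1
    fi
    echo "OK slab delta ${delta} kB"
}

# Constructed sample snapshots (not real measurements).
SAMPLE_T0='MemTotal:       16316412 kB
MemFree:         8123456 kB
Slab:             412000 kB'
SAMPLE_T1='MemTotal:       16316412 kB
MemFree:         8011200 kB
Slab:             493920 kB'

if in_listed_range "$(uname -r)"; then
    echo "kernel in listed range: confirm the fix is in this build"
fi
slab_growth_alert "$SAMPLE_T0" "$SAMPLE_T1" 10000 || true
```

On a live host, pass two captures of "$(cat /proc/meminfo)" taken some minutes apart in place of the sample variables. Slab growth alone does not prove this leak, so treat an alert as a prompt to investigate.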

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System instability logs
  • Memory pressure warnings in dmesg

SIEM Query:

source="kernel" AND ("oom" OR "memory" OR "slab") AND ("pressure" OR "exhaustion" OR "leak")
