CVE-2022-48921
📋 TL;DR
A race condition in the Linux kernel's scheduler allows a null pointer dereference when setting process priorities on newly created threads. This causes a kernel panic (system crash) affecting all Linux systems running vulnerable kernel versions. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service
Likely Case
System crash when specific race condition occurs during thread creation and priority setting
If Mitigated
No impact if patched or if the specific race condition doesn't occur
🎯 Exploit Status
Discovered by syzbot fuzzer, requires local access and specific process creation patterns
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 13765de8148f71fa795e0a6607de37c49ea5915a, 589a954daab5e18399860b6c8ffaeaf79844eb20, 8f317cd888059c59e2fa924bf4b0957cfa53f78e, e0bcd6b5779352aed88f2e538a82a39f1a7715bb
Vendor Advisory: https://git.kernel.org/stable/c/13765de8148f71fa795e0a6607de37c49ea5915a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict setpriority permissions
linuxLimit which users can call setpriority to reduce attack surface
# Set capabilities or use SELinux/AppArmor to restrict setpriority
🧯 If You Can't Patch
- Monitor for processes creating many threads and setting priorities
- Implement strict process creation controls and monitoring
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it includes the vulnerable commit 4ef0c5c6b5ba but not the fix commitsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits or is newer than the patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- null pointer dereference in kernel logs
- system crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel panic' OR 'null pointer dereference' OR 'general protection fault' in system logs