CVE-2022-48956
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's IPv6 fragmentation code that can lead to kernel memory corruption and potential privilege escalation. It affects Linux systems with IPv6 enabled, particularly when processing UDP packets that require fragmentation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or local privilege escalation to root via kernel memory corruption.
Likely Case
System instability, kernel crashes, or denial of service through kernel panics.
If Mitigated
Minimal impact if IPv6 is disabled or proper network filtering prevents malicious fragmentation.
🎯 Exploit Status
Exploitation requires sending specially crafted IPv6 UDP packets that trigger the fragmentation path. The vulnerability was discovered through fuzzing (syzbot).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 6b6d3be3661bff2746cab26147bd629aa034e094 and related stable backports
Vendor Advisory: https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: yum update kernel. 3. For Ubuntu/Debian: apt update && apt upgrade linux-image-*. 4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IPv6
linuxCompletely disable IPv6 to prevent exploitation
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p
Block IPv6 fragmentation
linuxUse firewall rules to block IPv6 fragments
ip6tables -A INPUT -f -j DROP
ip6tables -A FORWARD -f -j DROP
🧯 If You Can't Patch
- Implement strict network filtering to block IPv6 fragments at perimeter
- Monitor systems for kernel panics or unusual crashes related to network processing
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with distribution's patched versions. Vulnerable if before fix commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update and ensure no kernel panics occur during IPv6 UDP fragmentation testing.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- Use-after-free KASAN reports in kernel logs
- System crashes during network traffic
Network Indicators:
- Unusual IPv6 fragmentation patterns
- Malformed IPv6 UDP packets triggering fragmentation
SIEM Query:
source="kernel" AND ("KASAN: use-after-free" OR "ip6_fragment" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/6b6d3be3661bff2746cab26147bd629aa034e094
- https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b
- https://git.kernel.org/stable/c/7e0dcd5f3ade221a6126278aca60c8ab4cc3bce9
- https://git.kernel.org/stable/c/803e84867de59a1e5d126666d25eb4860cfd2ebe
- https://git.kernel.org/stable/c/8208d7e56b1e579320b9ff3712739ad2e63e1f86
- https://git.kernel.org/stable/c/9b1a468a455d8319041528778d0e684a4c062792
- https://git.kernel.org/stable/c/b3d7ff8c04a83279fb7641fc4d5aa82a602df7c0
