CVE-2022-48970
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's AF_UNIX socket diagnostics subsystem. When processing certain netlink messages, the kernel attempts to access user namespace information from an uninitialized socket buffer, causing a kernel panic. This affects Linux systems with AF_UNIX sockets enabled.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel crash when malicious netlink messages are sent to the socket diagnostics interface.
If Mitigated
Minimal impact if proper access controls prevent unauthorized users from accessing netlink sockets.
🎯 Exploit Status
Exploit requires local access and ability to send netlink messages. The bug report includes crash details that could be used to create an exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 575a6266f63dbb3b8eb1da03671451f0d81b8034, 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91, 9c1d6f79a2c7b8221dcec27defc6dc461052ead4, b3abe42e94900bdd045c472f9c9be620ba5ce553, c66d78aee55dab72c92020ebfbebc464d4f5dd2a
Vendor Advisory: https://git.kernel.org/stable/c/575a6266f63dbb3b8eb1da03671451f0d81b8034
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict netlink socket access
linuxLimit access to netlink sockets to prevent unauthorized users from triggering the vulnerability
sysctl -w kernel.yama.ptrace_scope=2
chmod 600 /proc/net/unix
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from accessing netlink sockets
- Monitor system logs for kernel panic events and unauthorized netlink socket access attempts
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare against your distribution's security advisories for affected versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update and check that the specific commit hashes are included in your kernel build📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors at address 0000000000000270
Network Indicators:
- Unusual netlink socket communication from non-system processes
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "Oops: 0000" OR "unix_diag_get_exact")🔗 References
- https://git.kernel.org/stable/c/575a6266f63dbb3b8eb1da03671451f0d81b8034
- https://git.kernel.org/stable/c/5c014eb0ed6c8c57f483e94cc6e90f34ce426d91
- https://git.kernel.org/stable/c/9c1d6f79a2c7b8221dcec27defc6dc461052ead4
- https://git.kernel.org/stable/c/b3abe42e94900bdd045c472f9c9be620ba5ce553
- https://git.kernel.org/stable/c/c66d78aee55dab72c92020ebfbebc464d4f5dd2a
