CVE-2022-48980
📋 TL;DR
This is an out-of-bounds write vulnerability in the Linux kernel's SJA1105/SJA1110 Ethernet switch driver. It allows attackers with local access to potentially corrupt kernel memory, leading to system crashes or arbitrary code execution. Affected systems are those running vulnerable Linux kernel versions with the sja1105 driver loaded.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to arbitrary code execution with kernel privileges, system compromise, or persistent denial of service.
Likely Case
System crash or kernel panic due to memory corruption, causing denial of service.
If Mitigated
No impact if kernel hardening features like KASAN detect and prevent the out-of-bounds access.
🎯 Exploit Status
Exploitation requires local access and knowledge of driver internals. The vulnerability was discovered through KASAN detection rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 147f3e3d84054117ae6b9bf317ec4fda9f991192, 5e88c6f4aaa70c542e59e5a9d2244bcc99cd245d, f8bac7f9fdb0017b32157957ffffd490f95faa07
Vendor Advisory: https://git.kernel.org/stable/c/147f3e3d84054117ae6b9bf317ec4fda9f991192
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check with your Linux distribution for security updates. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable sja1105 driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist sja1105' >> /etc/modprobe.d/blacklist.conf
rmmod sja1105
🧯 If You Can't Patch
- Ensure kernel hardening features like KASAN are enabled to detect exploitation attempts
- Restrict local user access to systems using SJA1105/SJA1110 hardware
🔍 How to Verify
Check if Vulnerable:
Check if sja1105 driver is loaded: lsmod | grep sja1105. Check kernel version against affected versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check that sja1105 driver loads without KASAN errors.📡 Detection & Monitoring
Log Indicators:
- KASAN error messages in kernel logs
- Kernel panic or oops messages related to sja1105 driver
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for: 'KASAN: slab-out-of-bounds' AND 'sja1105' in kernel logs