Login Sign Up

CVE-2022-48988

7.0 HIGH

📋 TL;DR

This Linux kernel vulnerability allows local attackers to trigger a use-after-free condition in the memory controller subsystem by manipulating file descriptors. Attackers with local access can potentially escalate privileges, crash the system, or leak kernel memory. All Linux systems using affected kernel versions with memory cgroups enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions between v5.10 and v5.16 (specifically affected by commit 347c4a874710)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires memory cgroups (memcg) to be enabled and accessible. Most modern Linux distributions have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel memory corruption leading to system crash, or information disclosure of sensitive kernel data.

🟠

Likely Case

Local privilege escalation allowing attackers to gain root access on the affected system.

🟢

If Mitigated

Denial of service through kernel panic or system crash if exploitation fails.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.
🏢 Internal Only: HIGH - Any user with shell access can potentially exploit this vulnerability to gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. The vulnerability is in a specific memory controller function that can be triggered through cgroup interface manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel versions: v5.16.12, v5.15.25, v5.10.102 and later stable releases

Vendor Advisory: https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. For custom kernels, apply the fix commit 0ed074317b835caa6c03bcfa8f133365324673dc. 3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable memory cgroups

linux

Remove memory cgroup functionality to prevent access to vulnerable code path

Add 'cgroup_disable=memory' to kernel boot parameters in /etc/default/grub or bootloader config

Restrict cgroup access

linux

Limit user access to cgroup filesystem to prevent exploitation

chmod 750 /sys/fs/cgroup
setfacl -m u:root:rwx /sys/fs/cgroup

🧯 If You Can't Patch

  • Implement strict access controls to limit user access to /sys/fs/cgroup directory
  • Monitor for suspicious cgroup file operations and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r' and compare against affected versions (5.10.x to 5.16.x). Check if /sys/fs/cgroup/memory exists.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.16.12+, 5.15.25+, or 5.10.102+ with 'uname -r'. Check git commit history for fix inclusion.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer activity related to cgroups
  • Unusual cgroup file operations in audit logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND ("memcg" OR "cgroup")

📊 Metadata

CVE ID: CVE-2022-48988
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: October 21, 2024
Last Updated: November 1, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48988, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)