CVE-2022-49008
📋 TL;DR
This vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem causes a memory leak when network devices are down. It affects systems using the can327 driver for CAN bus communication, potentially leading to resource exhaustion and system instability over time.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could exhaust kernel memory, leading to system crashes, denial of service, or unpredictable system behavior requiring reboots.
Likely Case
Gradual memory consumption causing performance degradation and eventual system instability in CAN-enabled systems with frequent network device state changes.
If Mitigated
Minimal impact with proper monitoring and patching; memory leaks would be detected and addressed before causing system issues.
🎯 Exploit Status
Requires ability to trigger CAN frame processing while network device is down; likely requires local access or CAN bus manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel releases via commits 797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08 and 8fa452cfafed521aaf5a18c71003fe24b1ee6141
Vendor Advisory: https://git.kernel.org/stable/c/797b1d9fc0e1f4351e4ad49b078c1a3cdc0d4a08
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify can327 driver is functioning correctly.
🔧 Temporary Workarounds
Disable can327 driver
Prevent loading of the vulnerable can327 driver if CAN functionality is not required
echo 'blacklist can327' >> /etc/modprobe.d/blacklist-can327.conf
rmmod can327
Monitor memory usage
Implement monitoring for abnormal memory consumption in CAN-enabled systems
watch -n 60 'cat /proc/meminfo | grep -E "MemFree|Slab"'
🧯 If You Can't Patch
- Ensure CAN network interfaces remain up when processing frames
- Implement memory usage monitoring with alerts for abnormal consumption patterns
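One way to turn the memory monitoring recommended above into an alert, as an added example that is not part of the original advisory: it samples SUnreclaim (unreclaimable slab, where leaked kernel buffers accumulate) and flags a series that only grows. The function names, sample values, sampling interval and the 8192 kB threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: alert on sustained SUnreclaim growth where can327 is loaded.

# Constructed samples (kB of SUnreclaim, one per interval) shaped like a leak.
SAMPLE_LEAK='812340
815900
819480
826340'

# Print one /proc/meminfo field in kB. $1 = field name, $2 = file (optional).
meminfo_kb() {
    awk -v key="$1:" '$1 == key { print $2; found = 1 } END { exit !found }' \
        "${2:-/proc/meminfo}"
}

# Succeed if can327 appears in a /proc/modules-format file ($1, optional).
can327_loaded() {
    grep -q '^can327 ' "${1:-/proc/modules}"
}

# Read kB samples on stdin. Print "LEAK <kB>" if the series never decreases
# and grows by at least $1 kB in total, otherwise "OK <kB>".
slab_trend() {
    awk -v limit="$1" '
        NR == 1 { first = $1; prev = $1; mono = 1; next }
        { if ($1 < prev) mono = 0; prev = $1 }
        END {
            growth = prev - first
            if (NR > 1 && mono && growth >= limit) print "LEAK " growth
            else print "OK " growth
        }'
}

# Take $1 samples of SUnreclaim, $2 seconds apart; classify with limit $3 kB.
monitor() {
    n=0
    while [ "$n" -lt "$1" ]; do
        meminfo_kb SUnreclaim
        n=$((n + 1))
        if [ "$n" -lt "$1" ]; then sleep "$2"; fi
    done | slab_trend "$3"
}

# Usage: sh script.sh --watch  (10 samples, 60 s apart, assumed 8192 kB limit)
if [ "${1:-}" = "--watch" ] && can327_loaded; then
    result=$(monitor 10 60 8192)
    case $result in LEAK*) logger -p user.warning "can327 host: $result kB" ;; esac
    echo "$result"
fi
```

A series that dips at any point is reported as OK, so slab growth from ordinary cache churn does not raise the alert; tune the threshold to the host's normal baseline.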
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if can327 module is loaded: 'uname -r' and 'lsmod | grep can327'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and test CAN functionality with network interface toggling while monitoring memory
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System logs showing memory pressure
- CAN driver error messages
Network Indicators:
- Unusual CAN bus traffic patterns
- CAN interface state changes
SIEM Query:
source="kernel" AND ("oom" OR "memory" OR "slab") AND ("can" OR "can327")