CVE-2022-49012
📋 TL;DR
This CVE describes a resource leak vulnerability in the Linux kernel's AFS (Andrew File System) implementation. A coding error in afs_put_server prevents proper cleanup of server resources, potentially causing kernel memory exhaustion and system instability. This affects Linux systems using the AFS filesystem module.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory exhaustion leading to system instability, denial of service, or kernel panic requiring system reboot.
Likely Case
Gradual memory leak causing performance degradation over time, potentially requiring module reload or system restart.
If Mitigated
Minimal impact if AFS module is not loaded or not in use; isolated to systems using AFS functionality.
🎯 Exploit Status
Exploitation requires ability to trigger AFS server operations; more likely to be triggered accidentally than maliciously.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel stable trees via commits c5078548c29c and ef4d3ea40565
Vendor Advisory: https://git.kernel.org/stable/c/c5078548c29c735f71b05053659c0cb294e738ad
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution vendor.
2. Rebuild the kernel if you run a custom kernel that includes the affected code.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Unload AFS module
Remove the vulnerable AFS kernel module if it is not needed (either command unloads it; modprobe -r additionally removes dependencies that are no longer in use):
sudo rmmod kafs
sudo modprobe -r kafs
Blacklist AFS module
Prevent the AFS module from loading at boot:
echo 'blacklist kafs' | sudo tee /etc/modprobe.d/blacklist-afs.conf
A blacklist entry only stops loading by alias (for example when a mount requests the afs filesystem type); an explicit modprobe kafs still succeeds, so add install kafs /bin/false to the same file if the module must never load.
🧯 If You Can't Patch
- Monitor system memory usage for unusual growth patterns
- Implement regular system reboots to clear potential memory leaks
🔍 How to Verify
Check if Vulnerable:
Check whether the AFS module is loaded: lsmod | grep kafs
If it is loaded, compare the running kernel version against the patched releases for your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or is newer than patched releases
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'Can't purge s=' messages
- OOM killer activity related to kernel memory
Network Indicators:
- Unusual AFS protocol errors or disconnections
SIEM Query:
source="kernel" AND ("Can't purge" OR ("afs" AND "memory"))
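The following POSIX sh script is an added example, not part of the CVE record, that applies the two signals from the "How to Verify" and "Detection & Monitoring" sections: whether the kafs module is loaded (from lsmod output) and whether the kernel log carries the "Can't purge s=" message. The sample lsmod and dmesg text is constructed, not captured from a real host, and the exact message formatting is assumed; the record names fix commits rather than release numbers, so no version comparison is attempted here.

```shell
#!/bin/sh
# Added example for CVE-2022-49012 (not part of the CVE record or the kernel tree).
# Two checks, each reading stdin so they can be exercised offline:
#   kafs_loaded          - is a module named kafs present in lsmod-style output?
#   count_purge_errors   - how many dmesg-style lines carry "Can't purge s="?
# On a real host, feed them `lsmod` and `dmesg` (dmesg may require root).

# Return 0 (true) if a module named kafs appears in lsmod-style output.
# lsmod prints a header line first, so records 2.. are inspected.
kafs_loaded() {
    awk 'NR > 1 && $1 == "kafs" { found = 1 } END { if (found) exit 0; exit 1 }'
}

# Print the number of kernel-log lines that carry the leak indicator.
# grep -c prints 0 and exits 1 when nothing matches; the status is masked
# so callers under `set -e` are not aborted by a clean log.
count_purge_errors() {
    grep -c "Can't purge s=" || true
}

# Combine both signals. Arguments: lsmod text, dmesg text.
# Exit status: 0 = no indicators, 1 = kafs loaded but no leak message,
#              2 = "Can't purge s=" seen in the log.
assess() {
    lsmod_text=$1
    dmesg_text=$2
    status=0
    if printf '%s\n' "$lsmod_text" | kafs_loaded; then
        echo "kafs module is loaded: confirm the running kernel carries the fix commits"
        status=1
    else
        echo "kafs module is not loaded"
    fi
    n=$(printf '%s\n' "$dmesg_text" | count_purge_errors)
    if [ "$n" -gt 0 ]; then
        echo "$n kernel log line(s) match the 'Can't purge s=' indicator"
        status=2
    fi
    return "$status"
}

# Constructed sample inputs (assumed formats; not captured from a real system).
SAMPLE_LSMOD='Module                  Size  Used by
kafs                  393216  1
rxrpc                 167936  1 kafs
fscache               389120  1 kafs'

SAMPLE_DMESG="[  120.101010] kAFS: Red Hat AFS client v0.1 registering.
[  305.404040] kAFS: Can't purge s=00000001
[  305.404050] kAFS: Can't purge s=00000002"

# Demonstration run against the samples; `if` keeps a non-zero status from
# aborting the script when it is sourced under `set -e`.
if assess "$SAMPLE_LSMOD" "$SAMPLE_DMESG"; then
    echo "no indicators present"
else
    echo "assessment status: $?"
fi
```

On a live host, replace the samples with `assess "$(lsmod)" "$(dmesg)"`; a status of 2 means the leak indicator from the Log Indicators list is already present and the host should be scheduled for the patched kernel and a reboot.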