CVE-2022-49024
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's CAN bus subsystem. When the m_can_pci driver fails to properly free allocated resources during device probe/remove operations, it causes kernel memory exhaustion over time. This affects systems using CAN bus PCI hardware with vulnerable Linux kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic/crash.
Likely Case
Gradual memory consumption leading to performance degradation and eventual system instability requiring reboot.
If Mitigated
Minimal impact with proper monitoring and regular system maintenance.
🎯 Exploit Status
Exploitation requires local access and specific CAN bus hardware. Memory leak vulnerabilities are typically not weaponized for remote exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0bbb88651ef6b7fbb1bf75ec7ba69add632e834b, 1eca1d4cc21b6d0fc5f9a390339804c0afce9439, or ea8dc27bb044e19868155e500ce397007be98656
Vendor Advisory: https://git.kernel.org/stable/c/0bbb88651ef6b7fbb1bf75ec7ba69add632e834b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable m_can_pci module
linuxPrevent loading of vulnerable driver if CAN bus PCI hardware is not required
echo 'blacklist m_can_pci' >> /etc/modprobe.d/blacklist.conf
rmmod m_can_pci
🧯 If You Can't Patch
- Monitor kernel memory usage and system stability
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if m_can_pci module is loaded: 'uname -r' and 'lsmod | grep m_can_pci'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and monitor for memory leaks during CAN device operations📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System instability logs
- Memory exhaustion warnings
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "slab")