CVE-2022-49044
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's dm-integrity subsystem allows attackers to write beyond allocated buffer boundaries when tag_size is configured smaller than the digest size. This can lead to kernel memory corruption and potential system compromise. Systems using dm-integrity with misconfigured tag_size parameters are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to privilege escalation, denial of service, or arbitrary code execution in kernel context.
Likely Case
System crashes, kernel panics, or denial of service due to memory corruption.
If Mitigated
Limited impact if dm-integrity is not in use, or is configured with tag_size >= digest size.
🎯 Exploit Status
Requires local access and ability to configure dm-integrity devices. Exploitation depends on specific memory layout and configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 08c1af8f1c13, 4d485cf9b609, 6a95d91c0b31, 6b4bf97587ef, 7f84c9372229
Vendor Advisory: https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid misconfigured dm-integrity
Ensure the tag_size parameter is not less than the digest size when configuring dm-integrity devices
# When creating dm-integrity devices, ensure tag_size >= digest size
# Example: integritysetup format --tag-size=32 /dev/sdX
🧯 If You Can't Patch
- Disable dm-integrity if not required for system functionality
- Audit existing dm-integrity configurations to ensure tag_size >= digest size
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether dm-integrity is in use with a tag_size smaller than the digest size
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and no dm-integrity devices have tag_size < digest size
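The configuration audit named under "If You Can't Patch" and "How to Verify", as an added example that is not part of the original advisory or of any kernel tooling: it parses `dmsetup table --target integrity` output and flags devices whose tag_size is smaller than the digest of their `internal_hash` algorithm. The digest-size table and the sample table lines are constructed for illustration, and the script assumes the `internal_hash:` optional argument names the digest in question.

```python
import re
import sys

# Digest sizes (bytes) of hashes commonly passed as internal_hash; extend as needed.
DIGEST_BYTES = {"crc32": 4, "crc32c": 4, "xxhash64": 8, "sha1": 20,
                "sha224": 28, "sha256": 32, "sha384": 48, "sha512": 64}

# Constructed sample lines: <name>: <start> <len> integrity <dev> <reserved> <tag_size> <mode> <nargs> [opts]
SAMPLE = """\
good: 0 1953520 integrity 8:16 0 32 J 2 internal_hash:sha256 journal_sectors:3168
short: 0 1953520 integrity 8:32 0 4 J 1 internal_hash:sha256
auto: 0 1953520 integrity 8:48 0 - J 1 internal_hash:crc32c
aead: 0 1953520 integrity 8:64 0 28 J 0
"""

def digest_size(alg):
    """Digest size in bytes, unwrapping hmac(<hash>); None if not in the table."""
    m = re.fullmatch(r"hmac\((.+)\)", alg)
    return DIGEST_BYTES.get(m.group(1) if m else alg)

def audit_line(line):
    """Return (device, verdict) for one integrity table line, else None."""
    f = line.split()
    if "integrity" not in f[:4]:
        return None
    i = f.index("integrity")
    name = f[0].rstrip(":") if i == 3 else "(unnamed)"
    params = f[i + 1:]  # dev, reserved sectors, tag_size, mode, nargs, opts...
    if len(params) < 5:
        return (name, "unparsed")
    tag, opts = params[2], params[5:]
    alg = next((o.split(":")[1] for o in opts if o.startswith("internal_hash:")), None)
    if alg is None:
        return (name, "no-internal-hash")  # tags are supplied by the layer above
    size = digest_size(alg)
    if size is None:
        return (name, "unknown-hash:" + alg)
    if tag == "-":  # load-table form: tag size is taken from the hash itself
        return (name, "ok")
    if not tag.isdigit():
        return (name, "unparsed")
    return (name, "ok" if int(tag) >= size else f"tag_size {tag} < {alg} digest {size}")

def audit(text):
    return [r for r in map(audit_line, text.splitlines()) if r]

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, verdict in audit(text):
        print(f"{name}: {verdict}")
```

To check a live host, pipe the output of `dmsetup table --target integrity` (run as root) into the script; any verdict other than `ok` or `no-internal-hash` warrants a manual look at that device.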
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash dumps
- dm-integrity error messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic events or dm-integrity related crashes in system logs
🔗 References
- https://git.kernel.org/stable/c/08c1af8f1c13bbf210f1760132f4df24d0ed46d6
- https://git.kernel.org/stable/c/4d485cf9b609709e45d5113e6e2b1b01254b2fe9
- https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0
- https://git.kernel.org/stable/c/6b4bf97587ef6c1927a78934b700204920655123
- https://git.kernel.org/stable/c/7f84c937222944c03f4615ca4742df6bed0e5adf
- https://git.kernel.org/stable/c/cd02b2687d66f0a8e716384de4b9a0671331f1dc