CVE-2022-49066
📋 TL;DR
A kernel panic vulnerability in the Linux kernel's veth driver occurs when processing specially crafted network packets. Attackers can cause denial of service by triggering a kernel BUG() condition that crashes the system. This affects Linux systems using veth devices with act_mirred traffic control actions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash and denial of service requiring physical or remote reboot, potentially disrupting critical services.
Likely Case
Local denial of service affecting network connectivity and system stability on vulnerable configurations.
If Mitigated
Minimal impact if systems are patched or don't use veth with act_mirred in vulnerable configurations.
🎯 Exploit Status
Requires ability to send crafted packets to vulnerable veth interface and specific traffic control configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/1ef0088e43af1de4e3b365218c4d3179d9a37eec
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable act_mirred on veth interfaces
Remove or disable traffic control rules that use the act_mirred action on veth devices:
tc filter del dev <veth_interface>
tc qdisc del dev <veth_interface> root
🧯 If You Can't Patch
- Isolate systems using veth with act_mirred from untrusted networks
- Implement network segmentation to limit potential attack surface
🔍 How to Verify
Check if Vulnerable:
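Check whether the system uses veth interfaces with tc act_mirred rules: list veth devices with 'ip link show type veth', then inspect each one with 'tc filter show dev <veth_interface>' (add 'ingress' to see filters on the ingress hook).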
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched releases from distribution vendor
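The "Check if Vulnerable" step as a script, added here as an example and not part of the advisory: it parses tc filter output for mirred actions and reports a rule when the filtered device or the mirred target is a veth, which goes slightly beyond the two commands above. The EXPOSED output format, the --live switch and the sample tc output are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the advisory: report tc mirred actions that involve a veth.

# Parse `tc filter show` text on stdin; print the target device of each mirred action.
mirred_targets() {
    sed -nE 's/.*mirred \(([A-Za-z]+ [A-Za-z]+) to device ([^)]+)\).*/\2/p'
}

# report FILTER_DEV "VETH LIST" < tc-output
# Prints a finding when the filter's device or the mirred target is a veth.
report() {
    r_dev=$1
    r_veths=" $2 "
    mirred_targets | while read -r r_target; do
        case "$r_veths" in
            *" $r_dev "*|*" $r_target "*)
                echo "EXPOSED filter_dev=$r_dev mirred_target=$r_target" ;;
        esac
    done
}

# Strip the "N: " index and any "@peer" suffix from `ip -o link` output.
link_names() { awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'; }

# Live scan of the root, ingress and egress hooks of every device (needs iproute2).
# Filters attached below a classful qdisc are not covered by this sketch.
scan_live() {
    veths=$(ip -o link show type veth | link_names | tr '\n' ' ')
    for dev in $(ip -o link show | link_names); do
        for hook in "" ingress egress; do
            # $hook is intentionally unquoted so the empty value adds no argument.
            tc filter show dev "$dev" $hook 2>/dev/null | report "$dev" "$veths"
        done
    done
}

# Constructed sample of `tc filter show dev eth0 ingress` output.
SAMPLE='filter protocol all pref 49152 matchall chain 0 handle 0x1
  not_in_hw
  action order 1: mirred (Egress Redirect to device veth0) stolen
  index 1 ref 1 bind 1'

case "${1:-}" in
    --live) scan_live ;;
    *) printf '%s\n' "$SAMPLE" | report eth0 "veth0 veth1" ;;
esac
```

Without arguments the script runs on the constructed sample; pass --live to scan the host's own devices.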
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'BUG at include/linux/skbuff.h:2328' or 'eth_type_trans' crashes
Network Indicators:
- Unexpected system crashes during network packet processing on veth interfaces
SIEM Query:
(kernel: *BUG* AND (skbuff.h OR eth_type_trans)) OR (kernel: *panic* AND veth)
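The log indicators above, correlated per crash rather than matched line by line (an added example, not part of the advisory): it alerts only when a BUG line naming skbuff.h is followed within a window of lines by eth_type_trans, and notes whether veth appears in the same trace. The ALERT format, the 40-line default window and the sample log with zeroed offsets are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the advisory: correlate the log indicators within one oops.

# detect_veth_bug [WINDOW] < kernel-log
# Prints one ALERT per BUG at include/linux/skbuff.h whose following WINDOW lines
# mention eth_type_trans. The header line number varies between kernel versions,
# so the file is matched and not the exact ":2328".
detect_veth_bug() {
    awk -v window="${1:-40}" '
        function emit() {
            if (start && in_fn)
                printf "ALERT bug_line=%d eth_type_trans=yes veth_in_trace=%s\n",
                       start, (veth ? "yes" : "no")
            start = 0; in_fn = 0; veth = 0
        }
        /kernel BUG at include\/linux\/skbuff\.h:[0-9]+/ { emit(); start = NR; next }
        start && NR - start > window { emit() }
        start && /eth_type_trans/    { in_fn = 1 }
        start && /veth/              { veth = 1 }
        END { emit() }
    '
}

# Constructed sample log: the first oops carries the indicators, the second hits
# the same header line from an unrelated function and must not alert.
SAMPLE_LOG='[  101.000001] kernel BUG at include/linux/skbuff.h:2328!
[  101.000002] invalid opcode: 0000 [#1] SMP
[  101.000003] RIP: 0010:eth_type_trans+0x00/0x00
[  101.000004] Call Trace:
[  101.000005]  veth_xmit+0x00/0x00 [veth]
[  101.000006]  tcf_mirred_act+0x00/0x00 [act_mirred]
[  250.000001] kernel BUG at include/linux/skbuff.h:2328!
[  250.000002] RIP: 0010:some_other_fn+0x00/0x00'

# Demo on the sample; on a host, pipe in e.g. `journalctl -k -b -1` or `dmesg`.
printf '%s\n' "$SAMPLE_LOG" | detect_veth_bug
```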
🔗 References
- https://git.kernel.org/stable/c/1ef0088e43af1de4e3b365218c4d3179d9a37eec
- https://git.kernel.org/stable/c/2fd90b86dff413fbf8128780c04ea9c6849c16e2
- https://git.kernel.org/stable/c/3de2a02b60a4ef0ab76263216f08c7d095fc7c42
- https://git.kernel.org/stable/c/46bc359fec0c6d87b70d7a008bcd9a5e30dd6f27
- https://git.kernel.org/stable/c/726e2c5929de841fdcef4e2bf995680688ae1b87
- https://git.kernel.org/stable/c/93940fc4cb81840dc0fa202de48cccb949a0261d
- https://git.kernel.org/stable/c/d417a859221f127e8edf09c14b76ab50f825e171
- https://git.kernel.org/stable/c/d67c900f1947d64ba8a64f693504bcaab8d9000c