CVE-2022-49078

7.8 HIGH

📋 TL;DR

An out-of-bounds read in the Linux kernel's LZ4 partial decompressor, LZ4_decompress_safe_partial() in lib/lz4/lz4_decompress.c. The partial decoder is asked to stop after a caller-supplied number of output bytes; before the fix it treated only a full output buffer as end of data, so a corrupted block that runs out of input before that point made the decoder carry on and read the two-byte match offset from beyond the end of the input buffer (KASAN reports the access as a use-after-free). The fix adopts the corresponding checks from upstream LZ4: the last sequence must consume the input exactly, and decoding also stops when fewer than two input bytes remain. The practical result is a kernel crash, or adjacent kernel memory being read into the decompressed output; privilege escalation from this read is not demonstrated. Affected: kernels before the fix that decode attacker-influenced LZ4 data through the partial decoder.
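The program below is an added illustration written for this page; it is not the kernel's lib/lz4 code and not the fix commit. It is a small LZ4 block decoder with the partial-decoding contract of LZ4_decompress_safe_partial() (stop once N output bytes exist) and a `fixed` switch that selects between the two end-of-sequence tests: the pre-fix one, which treats only a full output buffer as the end of data, and the post-fix one, which also stops when fewer than two input bytes remain (no room for a match offset) and requires the last sequence to consume the input exactly. LASTLITERALS and MINMATCH are the LZ4 block format's constants; the function names, the LZ4_OOB_READ status (returned where the pre-fix logic would really read past the input, so the program never performs the bad read itself) and the three sample blocks are this example's own constructions. The "short" block stands in for a corrupted image whose metadata claims 20 decompressed bytes while its data encodes only 5, which is the kind of mismatch that drives the unfixed check off the end of the input. Dictionary support and the wild-copy fast paths of the real decoder are omitted.

```c
/* Added example: a toy LZ4 block decoder showing the CVE-2022-49078 check.
 * Not the kernel's lib/lz4 code; names, statuses and inputs are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LASTLITERALS 5   /* LZ4 format: a block ends with >= 5 literal bytes */
#define MINMATCH     4   /* LZ4 format: match length = token nibble + 4 */

enum { LZ4_CORRUPT = -1, LZ4_OOB_READ = -2 };   /* this example's own status values */

/* Consume the 0xFF-chained extension bytes of a 15-valued length nibble. */
static int ext_len(const uint8_t **ip, const uint8_t *iend, size_t *len)
{
    unsigned s;
    do {
        if (*ip >= iend) return 0;
        s = *(*ip)++;
        *len += s;
    } while (s == 255);
    return 1;
}

/*
 * Partial decode of one LZ4 block: stop once `target` output bytes exist
 * (the LZ4_decompress_safe_partial contract).  Returns bytes written or a
 * negative status.  `fixed` selects the post-fix end-of-sequence test.  The
 * offset read is instrumented: where the pre-fix logic would read past `src`,
 * the function returns LZ4_OOB_READ instead of actually doing so.
 */
int lz4_partial_decode(const uint8_t *src, size_t src_len,
                       uint8_t *dst, size_t dst_cap, size_t target, int fixed)
{
    const uint8_t *ip = src, *iend = src + src_len;
    uint8_t *op = dst, *oend = dst + (target < dst_cap ? target : dst_cap);

    while (op < oend) {
        if (ip >= iend)
            return LZ4_CORRUPT;                         /* no token left */
        unsigned token = *ip++;
        size_t length = token >> 4;                     /* literal run length */
        if (length == 15 && !ext_len(&ip, iend, &length))
            return LZ4_CORRUPT;
        size_t out_room = (size_t)(oend - op), in_room = (size_t)(iend - ip);
        /* Too little input left for offset+token+LASTLITERALS: must be the last sequence. */
        int last_seq = length + 2 + 1 + LASTLITERALS > in_room;
        if (fixed && last_seq && length != in_room)
            return LZ4_CORRUPT;                         /* post-fix: last sequence consumes input exactly */
        if (length > out_room)
            length = out_room;                          /* partial: stop mid-literal run */
        if (length > in_room)
            return LZ4_CORRUPT;                         /* literal run exceeds input */
        memcpy(op, ip, length);
        ip += length; op += length;
        if (op == oend)
            return (int)(op - dst);                     /* output full: EOF in both versions */
        if (fixed && (size_t)(iend - ip) < 2)
            return (int)(op - dst);                     /* post-fix: no room for an offset, EOF */
        /* pre-fix: only a full output buffer counts as EOF, so it reads on */
        if ((size_t)(iend - ip) < 2)
            return LZ4_OOB_READ;                        /* the real decoder reads past src here */
        size_t offset = (size_t)ip[0] | ((size_t)ip[1] << 8);   /* little-endian */
        ip += 2;
        if (offset == 0 || offset > (size_t)(op - dst))
            return LZ4_CORRUPT;                         /* match would start before dst */
        size_t mlen = token & 15;
        if (mlen == 15 && !ext_len(&ip, iend, &mlen))
            return LZ4_CORRUPT;
        mlen += MINMATCH;
        if (mlen > (size_t)(oend - op))
            mlen = (size_t)(oend - op);                 /* partial: stop mid-match */
        const uint8_t *match = op - offset;
        while (mlen--)                                  /* byte copy: overlap is legal */
            *op++ = *match++;
    }
    return (int)(op - dst);
}

/* Constructed blocks (not taken from any real image). */
const uint8_t good_block[] = {                          /* "abcdefghabcdefgh0123456789AB" */
    0x84, 'a','b','c','d','e','f','g','h', 0x08, 0x00,  /* 8 literals, match off 8 len 8 */
    0xC0, '0','1','2','3','4','5','6','7','8','9','A','B' };  /* final 12 literals */
const uint8_t short_block[]    = { 0x50, 'h','e','l','l','o' }; /* 5 literals, then nothing */
const uint8_t trailing_block[] = { 0x30, 'a','b','c', 0x01 };   /* 3 literals + 1 stray byte */

int main(void)
{
    uint8_t out[32];
    int n = lz4_partial_decode(good_block, sizeof good_block, out, sizeof out, 12, 1);
    printf("good block, first 12: %d -> %.*s\n", n, n, (const char *)out);
    /* Metadata says 20 bytes, block encodes 5: pre-fix walks off the input. */
    printf("short block pre-fix %d, post-fix %d, stray byte post-fix %d\n",
           lz4_partial_decode(short_block, sizeof short_block, out, sizeof out, 20, 0),
           lz4_partial_decode(short_block, sizeof short_block, out, sizeof out, 20, 1),
           lz4_partial_decode(trailing_block, sizeof trailing_block, out, sizeof out, 20, 1));
    return 0;
}
```

With `fixed` set, the short block decodes to its 5 bytes and the block with a stray trailing byte is rejected as corrupt; with it cleared, both reach the point where the kernel's pre-fix code would read the offset from beyond the input, which is exactly the access the KASAN report in the fix commit flagged. The well-formed block behaves identically in both modes, which is why the bug only surfaces on corrupted data.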

💻 Affected Systems

Products:
  • Linux kernel
Versions: Mainline and stable kernels that predate the fix commit and its stable-branch backports (the fixed package version varies by distribution)
Operating Systems: All Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Only code paths that decompress with LZ4_decompress_safe_partial() are affected, and only when they are fed data an attacker can shape, e.g. a crafted or corrupted compressed filesystem image. EROFS is an in-tree caller of this function. ZFS ships its own LZ4 implementation rather than using the kernel's lib/lz4, and Btrfs does not support LZ4 at all, so neither reaches this code.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic (denial of service), or disclosure of adjacent kernel memory through the decompressed output. Escalation to full system compromise from this out-of-bounds read is not demonstrated and would require chaining with another bug.

🟠

Likely Case

Kernel crash causing system instability or denial of service.

🟢

If Mitigated

A patched kernel, or a host on which no untrusted LZ4 data reaches the partial decoder, is unaffected. Generic kernel hardening does not prevent the read; KASAN only makes it visible and is a debug option, not a mitigation.

🌐 Internet-Facing: MEDIUM - No network service decodes remote data through this function by itself; an attacker has to get a crafted compressed image or blob onto the host and have the kernel decompress it, for example a downloaded filesystem image that is then mounted.
🏢 Internal Only: MEDIUM - A local user who can make the kernel decompress data they control (typically by getting a crafted image mounted) can trigger the read. Mounting normally requires CAP_SYS_ADMIN, but desktop auto-mounters mount removable media on behalf of unprivileged users.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No
Complexity: MEDIUM

Exploitation requires getting crafted compressed data decoded through LZ4_decompress_safe_partial(). The KASAN report in the fix commit shows the read is reachable with corrupted input, but no public exploit code was available at the time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel builds that include the fix commit or one of its stable-branch backports:
  • 467d5e200ab4486b744fe1776154a43d1aa22d4b
  • 6adc01a7aa37445dafe8846faa0610a86029b253
  • 73953dfa9d50e5c9fe98ee13fd1d3427aa12a0a3
  • 9fb8bc6cfc58773ce95414e11c9ccc8fc6ac4927
  • e64dbe97c05c769525cbca099ddbd22485630235

Vendor Advisory: https://git.kernel.org/stable/c/467d5e200ab4486b744fe1776154a43d1aa22d4b

Restart Required: Yes

Instructions:

1. Update the kernel to the patched package from your distribution.
2. Reboot so the new kernel is loaded.
3. Confirm the running kernel with uname -r and compare it against the distribution advisory.

🔧 Temporary Workarounds

Disable LZ4 compression (all platforms)

Where a feature lets you choose the compression algorithm, avoid LZ4 for data the kernel will decompress from untrusted sources until the kernel is patched. For this bug the relevant consumers are the callers of the partial decoder (EROFS images, for example), not every LZ4 user on the system, so disabling LZ4 elsewhere does not reduce exposure.

Check the documentation of the filesystem or feature in question for its compression options.

🧯 If You Can't Patch

  • Do not mount, or otherwise feed the kernel, LZ4-compressed images from untrusted sources; the bug is triggered by data that is structurally plausible, so validating compressed input in user space is not a reliable defence
  • Keep mounting a privileged operation (CAP_SYS_ADMIN), disable automatic mounting of removable media on exposed hosts, and put systems that must process third-party compressed images behind network segmentation and strict access controls

🔍 How to Verify

Check if Vulnerable:

Run uname -r and compare the result against your distribution's advisory for this CVE. Distribution kernels backport fixes without changing the upstream version number, so a version older than the mainline fix is not by itself proof of exposure; the package changelog or advisory is authoritative.

Check Version:

uname -r

Verify Fix Applied:

After the update, confirm that uname -r reports the version the vendor advisory names as fixed. A kernel version that predates the upstream fix may still carry it as a backport, so check the distribution package changelog when in doubt.

📡 Detection & Monitoring

Log Indicators:

  • KASAN report naming LZ4_decompress_safe_partial (only on kernels built with KASAN)
  • Kernel Oops, BUG or general protection fault with LZ4_decompress_safe_partial or an LZ4-backed filesystem in the stack trace
  • Kernel panics or unexplained reboots shortly after a compressed image is mounted

Network Indicators:

  • This bug is reached through data the kernel decompresses, not through a network protocol, so network telemetry is indirect at best: watch for unexpected filesystem or firmware images being delivered to hosts that will mount them

SIEM Query:

source="kernel" AND ("KASAN" OR "Oops" OR "BUG:" OR "general protection fault") AND "LZ4_decompress_safe_partial"
