CVE-2022-49085
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's DRBD (Distributed Replicated Block Device) subsystem. It allows attackers with local access to potentially crash the kernel or execute arbitrary code with kernel privileges. Systems using DRBD with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel with DRBD support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level access leading to full system compromise, data corruption, or persistent backdoor installation.
Likely Case
Kernel panic or system crash causing denial of service and potential data loss in DRBD-managed storage.
If Mitigated
No impact if DRBD is not enabled or the system is patched.
🎯 Exploit Status
Requires local access and knowledge of kernel exploitation techniques. Use-after-free bugs can be challenging to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 0489700bfeb1e53eb2039c2291c67e71b0b40103 or later
Vendor Advisory: https://git.kernel.org/stable/c/0489700bfeb1e53eb2039c2291c67e71b0b40103
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. For custom kernels, apply the upstream patch.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable DRBD module
Linux: Unload the DRBD kernel module if not required
modprobe -r drbd
echo 'blacklist drbd' > /etc/modprobe.d/blacklist-drbd.conf
🧯 If You Can't Patch
- Ensure DRBD module is not loaded (check with 'lsmod | grep drbd')
- Restrict local user access through proper privilege separation and monitoring
🔍 How to Verify
Check if Vulnerable:
Check if DRBD module is loaded: 'lsmod | grep drbd' and check kernel version against patched versions
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commit and DRBD module loads without errors
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes or panics
- DRBD-related errors in dmesg
Network Indicators:
- None - local exploitation only
SIEM Query:
Search for kernel panic events or DRBD module loading/unloading anomalies
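The checks from "How to Verify" and "Detection & Monitoring" as a small set of shell functions; this is an added example, not part of the original advisory or the kernel project. The sample files and function names are constructed, and the `install drbd /bin/false` check is an addition: a `blacklist` line only suppresses alias-based autoloading, so an explicit `modprobe drbd` still loads the module.

```sh
#!/bin/sh
# Added example: DRBD exposure triage. Every function reads a file or
# directory argument so it also works on evidence copied from another host.

# True if drbd itself is loaded (first column of /proc/modules), unlike
# 'lsmod | grep drbd', which also matches modules that merely depend on it.
drbd_loaded() {
    awk '$1 == "drbd" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Prints blocked | blacklisted | unrestricted for a modprobe.d directory.
# 'blacklist' only disables alias autoloading; 'install drbd /bin/false'
# also makes an explicit 'modprobe drbd' fail.
drbd_load_policy() {
    dir="${1:-/etc/modprobe.d}"
    policy=unrestricted
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+drbd[[:space:]]+/bin/(false|true)' "$f"; then
            echo blocked
            return 0
        fi
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+drbd[[:space:]]*$' "$f"; then
            policy=blacklisted
        fi
    done
    echo "$policy"
}

# Counts saved kernel-log lines worth a look: oops, panic, KASAN reports,
# or drbd lines reporting an error or failure.
drbd_log_hits() {
    grep -Eic 'kernel panic|oops|BUG: KASAN|drbd.*(error|fail)' "$1" || true
}

# Constructed sample evidence (not captured from a real host).
make_samples() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'drbd 667648 4 - Live 0x0000000000000000' \
        'lru_cache 16384 1 drbd, Live 0x0000000000000000' > "$1/modules"
    printf 'blacklist drbd\n' > "$1/modprobe.d/blacklist-drbd.conf"
    printf '%s\n' 'BUG: KASAN: use-after-free in sample_fn+0x10/0x20 [drbd]' \
        'drbd r0: sample informational line' \
        'Kernel panic - not syncing: Fatal exception' > "$1/dmesg.txt"
}
```

On a live host, save the kernel log with `dmesg > /tmp/dmesg.txt` as root and pass that file to `drbd_log_hits`; the other two functions default to the live system when called without arguments.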
🔗 References
- https://git.kernel.org/stable/c/0489700bfeb1e53eb2039c2291c67e71b0b40103
- https://git.kernel.org/stable/c/188fe6b26765edbad4055611c0f788b6870f4024
- https://git.kernel.org/stable/c/226e993c39405292781bfcf4b039a8db56aab362
- https://git.kernel.org/stable/c/594205b4936771a250f9d141e7e0fff21c3dd2d9
- https://git.kernel.org/stable/c/a972c768723359ec995579902473028fe3cd64b1
- https://git.kernel.org/stable/c/aadb22ba2f656581b2f733deb3a467c48cc618f6
- https://git.kernel.org/stable/c/b6a4055036eed1f5e239ce3d8b0db1ce38bba447
- https://git.kernel.org/stable/c/dcf6be17b5c53b741898d2223b23e66d682de300
- https://git.kernel.org/stable/c/de63e74da2333b4068bb79983e632db730fea97e