CVE-2022-49087
📋 TL;DR
A race condition in the Linux kernel's rxrpc subsystem allows a use-after-free vulnerability during network namespace cleanup. This can lead to kernel memory corruption and potential system crashes or privilege escalation. Systems running affected Linux kernel versions with rxrpc enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise.
Likely Case
System instability, kernel crashes, or denial of service.
If Mitigated
Minimal impact if rxrpc is disabled or systems are not using network namespaces extensively.
🎯 Exploit Status
Requires race condition timing and local access. Exploitation is non-trivial but possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commit 08ff0e74fab5 or later
Vendor Advisory: https://git.kernel.org/stable/c/08ff0e74fab517dbc44e11b8bc683dd4ecc65950
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable rxrpc module
LinuxPrevent loading of rxrpc kernel module if not required
echo 'blacklist rxrpc' > /etc/modprobe.d/blacklist-rxrpc.conf
rmmod rxrpc
🧯 If You Can't Patch
- Restrict local user access to minimize attack surface
- Monitor system logs for kernel panic or ODEBUG warnings
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if rxrpc module is loaded: uname -r && lsmod | grep rxrpcCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check dmesg for absence of related warnings📡 Detection & Monitoring
Log Indicators:
- ODEBUG warnings about timer_list
- Kernel panic logs
- Use-after-free detection in kernel logs
Network Indicators:
- Unusual network namespace activity
SIEM Query:
source="kernel" AND ("ODEBUG" OR "timer_list" OR "rxrpc_peer_keepalive")🔗 References
- https://git.kernel.org/stable/c/08ff0e74fab517dbc44e11b8bc683dd4ecc65950
- https://git.kernel.org/stable/c/1946014ca3b19be9e485e780e862c375c6f98bad
- https://git.kernel.org/stable/c/41024a40f6c793abbb916a857f18fb009f07464c
- https://git.kernel.org/stable/c/571d8e1d154ca18f08dcb72b69318d36e10010a0
- https://git.kernel.org/stable/c/7ee84d29f22de6f6c63fad6c54690517659862f1
- https://git.kernel.org/stable/c/864297ee30727ae6233f80296b7fc91442620b05
- https://git.kernel.org/stable/c/cd8aef1f30d1215648e4e6686cfb422004851429
