CVE-2022-49144

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's io_uring subsystem fails to properly release user ID (uid) references when processing file registrations. This allows local attackers to cause kernel memory exhaustion, potentially leading to denial of service. Only Linux systems using io_uring are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with io_uring support prior to the fixes in the stable releases (see the referenced git commits for the specific versions)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where io_uring is enabled and being used. Most modern Linux distributions have io_uring enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker causes kernel memory exhaustion leading to system crash or instability, requiring reboot.

🟠 Likely Case: Local user triggers memory leak causing gradual performance degradation or application failures.

🟢 If Mitigated: Minimal impact with proper memory monitoring and user privilege restrictions in place.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this to disrupt system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to trigger io_uring file registration operations. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel stable releases referenced in git commits (e.g., 5.10.110, 5.15.33, 5.16.20, 5.17.3)

Vendor Advisory: https://git.kernel.org/stable/c/0853bd6885c2f293d88aaa7f7f1702c959b31680

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable io_uring module (Linux)

Prevent loading of the io_uring kernel module to mitigate the vulnerability:

echo 'blacklist io_uring' >> /etc/modprobe.d/blacklist.conf
rmmod io_uring

Restrict user access (Linux)

Limit which users can create io_uring instances: use Linux capabilities or SELinux/AppArmor to restrict io_uring usage.

🧯 If You Can't Patch

  • Monitor kernel memory usage for unusual growth patterns
  • Restrict local user access to systems and implement least privilege principles

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare with affected versions. Check if io_uring is loaded: lsmod | grep io_uring

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update shows patched version. Check dmesg for any io_uring related errors after attempted exploitation.
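
The version comparison described above can be scripted. The following is an added example, not part of the original advisory or any vendor tooling: the function name cve_2022_49144_status and its status strings are hypothetical, the fixed releases are the four listed under Official Fix, and branches newer than 5.17 are assumed to already contain the fix.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed stable
# releases this page lists for CVE-2022-49144 (5.10.110, 5.15.33, 5.16.20, 5.17.3).
# Prints one of: patched | vulnerable | check-vendor | unknown
cve_2022_49144_status() {
    full=$1
    rel=${full%%[-+]*}            # strip packaging suffix such as "-91-generic"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;           # "5.18" means 5.18.0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    case "$major.$minor" in
        5.10) fixed=110 ;;
        5.15) fixed=33 ;;
        5.16) fixed=20 ;;
        5.17) fixed=3 ;;
        *)
            # Assumption: branches after 5.17 already contain the fix; the page
            # gives no data for other branches, so those stay "unknown".
            if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -gt 17 ]; }; then
                echo patched
            else
                echo unknown
            fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    elif [ "$rel" != "$full" ]; then
        # Vendor kernels backport fixes without changing the upstream number.
        echo check-vendor
    else
        echo vulnerable
    fi
}

echo "$(uname -r): $(cve_2022_49144_status "$(uname -r)")"
```

A check-vendor result means the release string carries a distribution suffix and has to be confirmed against the vendor's changelog. io_uring is compiled into the kernel (CONFIG_IO_URING is a boolean option), so lsmod prints nothing for it whether or not the subsystem is present.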

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in dmesg
  • Rapid increase in kernel memory usage in system monitoring

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("out of memory" OR "oom" OR "io_uring")
