CVE-2022-49153

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's WireGuard VPN implementation occurs when IPv6 is disabled at compile time (CONFIG_IPV6=n). When sending packets via IPv6-disabled sockets, the kernel fails to free socket buffers (skb), leading to gradual memory exhaustion. This affects Linux systems running vulnerable kernel versions with WireGuard enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: WireGuard kernel module versions before the fix (specific commit ranges vary by kernel version)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when: 1) WireGuard is enabled/loaded, 2) Kernel compiled with CONFIG_IPV6=n (IPv6 disabled), 3) Using affected kernel versions. Most distributions enable IPv6 by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could cause kernel memory exhaustion, leading to system instability, denial of service, or crashes requiring reboot.

🟠 Likely Case

Gradual memory consumption over time, potentially causing performance degradation or system instability in WireGuard-heavy environments.

🟢 If Mitigated

Minimal impact with proper monitoring and memory limits; systems may experience occasional performance issues.

🌐 Internet-Facing: LOW - Requires WireGuard connection establishment; not directly exploitable via network packets.
🏢 Internal Only: MEDIUM - Internal WireGuard clients/servers could trigger the leak during normal operation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Triggered by normal WireGuard operation when conditions met.

Not a remote code execution vulnerability. Exploitation requires ability to establish WireGuard connections.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 096f9d35cac0a0c95ffafc00db84786b665a4837 and related backports

Vendor Advisory: https://git.kernel.org/stable/c/096f9d35cac0a0c95ffafc00db84786b665a4837

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system.
3. Verify WireGuard module loads correctly.

🔧 Temporary Workarounds

Enable IPv6 kernel support

Recompile kernel with CONFIG_IPV6=y to avoid the vulnerable code path

# Reconfigure kernel with IPv6 enabled
# Recompile and install kernel

Disable WireGuard

Remove or blacklist WireGuard kernel module if not needed

sudo modprobe -r wireguard
echo 'blacklist wireguard' | sudo tee /etc/modprobe.d/blacklist-wireguard.conf

🧯 If You Can't Patch

  • Monitor kernel memory usage closely for unusual increases
  • Implement memory limits and restart WireGuard services periodically

🔍 How to Verify

Check if Vulnerable:

Check kernel version and WireGuard module loading: uname -r && lsmod | grep wireguard

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check dmesg for memory leak reports
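
The check above looks only at the kernel version and the loaded module, while the Notes also require CONFIG_IPV6=n. The script below is an added example, not part of the advisory, that tests those preconditions together. The function names are hypothetical, the config paths are the usual distribution locations, and CONFIG_IPV6=m is assumed to count as IPv6 enabled.

```shell
#!/bin/sh
# Added example (not from the advisory): tests the preconditions in the Notes.
# Function names are hypothetical; config paths are the usual distro locations.

# Print a kernel config file, transparently handling /proc/config.gz.
read_cfg() {
    case "$1" in
        *.gz) gzip -dc "$1" 2>/dev/null ;;
        *)    cat "$1" 2>/dev/null ;;
    esac
}

# IPv6 built in (=y) or modular (=m) is treated as "enabled" (assumption).
ipv6_state() {
    if read_cfg "$1" | grep -Eq '^CONFIG_IPV6=[ym]$'; then echo enabled
    elif read_cfg "$1" | grep -q '^# CONFIG_IPV6 is not set$'; then echo disabled
    else echo unknown
    fi
}

# WireGuard counts as present if the module is loaded or it is built in;
# a built-in driver never shows up in lsmod / /proc/modules.
wireguard_present() {
    grep -q '^wireguard ' "$2" 2>/dev/null && return 0
    read_cfg "$1" | grep -q '^CONFIG_WIREGUARD=y$'
}

# exposure CONFIG_FILE MODULES_FILE -> not-exposed | conditions-met | unknown
# "conditions-met" still requires confirming whether the kernel carries the fix.
exposure() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if ! wireguard_present "$1" "$2"; then
        echo not-exposed; return 0
    fi
    case "$(ipv6_state "$1")" in
        enabled)  echo not-exposed ;;
        disabled) echo conditions-met ;;
        *)        echo unknown ;;
    esac
}

cfg="/boot/config-$(uname -r)"
[ -r /proc/config.gz ] && cfg=/proc/config.gz
echo "CVE-2022-49153 preconditions: $(exposure "$cfg" /proc/modules)"
```

A result of conditions-met means the host matches the configuration in the Notes; whether the running kernel already includes the fix still has to be confirmed against the distribution's kernel changelog.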

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in dmesg
  • Increasing memory usage in /proc/meminfo
  • WireGuard connection errors

Network Indicators:

  • Normal WireGuard traffic patterns

SIEM Query:

source="kernel" AND ("Out of memory" OR "slab error") AND process="wireguard"
