CVE-2022-49176
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler that can lead to kernel memory corruption. Attackers with local access can potentially cause denial of service, privilege escalation, or arbitrary code execution. Systems using the BFQ scheduler with affected kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel with BFQ I/O scheduler enabled
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, arbitrary code execution at kernel level, or persistent denial of service.
Likely Case
Kernel panic or system crash causing denial of service, potentially requiring physical or remote console access to recover.
If Mitigated
Limited impact if proper kernel hardening and privilege separation are in place, but still risk of system instability.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel memory layout. No public exploits known at time of disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via commits: 080665e2c3cbfc68359b9a348a3546ed9b908e7a, 40b4ba0030e0b02cbacd424ebb9f4c8b0976c786, 5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6, 5687958bf18f84384d809f521210d0f5deed03b0, 74e610b5ee0d95e751280567100509eb11517efa
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes. 2. Check distribution security advisories for specific patched versions. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable BFQ scheduler
linuxSwitch to alternative I/O scheduler like CFQ or deadline scheduler
echo 'cfq' > /sys/block/[device]/queue/scheduler
🧯 If You Can't Patch
- Restrict local user access to minimize attack surface
- Implement strict privilege separation and limit sudo/root access
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if BFQ scheduler is active: uname -r and check /sys/block/*/queue/schedulerCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version and check kernel changelog for fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN use-after-free reports in dmesg
- System crashes related to bfq_dispatch_request
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for: 'KASAN: use-after-free in bfq_dispatch_request' OR 'kernel panic' with bfq context🔗 References
- https://git.kernel.org/stable/c/080665e2c3cbfc68359b9a348a3546ed9b908e7a
- https://git.kernel.org/stable/c/40b4ba0030e0b02cbacd424ebb9f4c8b0976c786
- https://git.kernel.org/stable/c/5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6
- https://git.kernel.org/stable/c/5687958bf18f84384d809f521210d0f5deed03b0
- https://git.kernel.org/stable/c/74e610b5ee0d95e751280567100509eb11517efa
- https://git.kernel.org/stable/c/ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a
- https://git.kernel.org/stable/c/df6e00b1a53c57dca82c63b5ecbcad5452231bc7
