CVE-2022-49199

5.5 MEDIUM

📋 TL;DR

CVE-2022-49199 is an integer underflow vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem. A local attacker can trigger memory corruption by passing negative values to the nldev_stat_set_counter_dynamic_doit() function. Systems running vulnerable Linux kernel versions with RDMA enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist in stable kernel trees. Likely affects versions before the fix commits.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if RDMA subsystem is enabled and compiled into the kernel. Many distributions may not have RDMA enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to kernel panic, system crash, or arbitrary code execution with kernel privileges.

🟠 Likely Case

Local denial of service through kernel panic or system instability.

🟢 If Mitigated

Minimal impact if RDMA is disabled or proper access controls restrict local user privileges.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local system access.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to cause system instability or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of RDMA interfaces. No public exploits known as of this analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel commits: 2a495ef04d5f, 87e0eacb176f, f6dd8669b829

Vendor Advisory: https://git.kernel.org/stable/c/2a495ef04d5f42e6f00eb2bec1ee9075e3d5a771

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check with your Linux distribution for security updates.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable RDMA module

linux

Prevent loading of RDMA kernel modules if not required

echo 'install rdma_cm /bin/false' >> /etc/modprobe.d/disable-rdma.conf
echo 'install ib_core /bin/false' >> /etc/modprobe.d/disable-rdma.conf
update-initramfs -u

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernels
  • Disable RDMA functionality if not required for operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if RDMA modules are loaded: 'lsmod | grep -i rdma' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check that RDMA modules are either not loaded or system is patched with the fix commits
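
An added example (not part of the original advisory): a POSIX shell check that reports, for the two modules named in the workaround above, whether each is currently loaded and whether an `install <module> /bin/false` line blocks it. The function names and the optional file arguments (for analysing a collected copy of /proc/modules and /etc/modprobe.d) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check whether the RDMA module workaround is in effect.
# Usage after sourcing: rdma_workaround_status [MODULES_FILE] [MODPROBE_DIR]

# module_loaded NAME MODULES_FILE
# /proc/modules lists one module per line with the exact name in field 1,
# so ib_core is found even when no line contains the string "rdma".
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# module_blocked NAME DIR
# True if an uncommented "install NAME /bin/false" (or /bin/true) line exists
# in any *.conf file under DIR. modprobe treats '-' and '_' as equivalent.
module_blocked() {
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v m="$1" '{ n = $2; gsub(/-/, "_", n) }
            $1 == "install" && n == m &&
                ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
            END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# Prints "<module> <loaded|not-loaded> <blocked|unblocked>" per module.
# Returns 0 only if both modules are blocked and neither is loaded.
rdma_workaround_status() {
    modules_file=${1:-/proc/modules}
    modprobe_dir=${2:-/etc/modprobe.d}
    rc=0
    for m in rdma_cm ib_core; do
        if module_loaded "$m" "$modules_file"; then
            loaded=loaded; rc=1
        else
            loaded=not-loaded
        fi
        if module_blocked "$m" "$modprobe_dir"; then
            blocked=blocked
        else
            blocked=unblocked; rc=1
        fi
        echo "$m $loaded $blocked"
    done
    return $rc
}
```

A module reported as `loaded blocked` was loaded before the modprobe rule took effect and stays in memory until it is unloaded or the system reboots.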

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Unexpected RDMA-related errors in dmesg

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for kernel panic events or RDMA module loading anomalies
