CVE-2022-49205 – This is a double-free memory management vulnera... (How to Fix)

Q: What is the severity of CVE-2022-49205?

CVE-2022-49205 has a CVSS score of 7.8 (HIGH). This is a double-free memory management vulnerability in the Linux kernel's BPF sockmap subsystem. It allows local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with BPF sockmap enabled are affected.

📋 TL;DR

This is a double-free memory management vulnerability in the Linux kernel's BPF sockmap subsystem. It allows local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with BPF sockmap enabled are affected.

💻 Affected Systems

Products:

Linux Kernel

Versions: Versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if BPF sockmap functionality is enabled and used. Most default configurations do not enable this feature.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, or potential kernel privilege escalation allowing complete system compromise.

🟠

Likely Case

Kernel panic and system crash causing denial of service, requiring physical or remote console access to reboot.

🟢

If Mitigated

No impact if BPF sockmap is not used or the system is patched.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access.

🏢 Internal Only: MEDIUM - Internal users with shell access could exploit this to crash systems or potentially gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of BPF sockmap usage. The vulnerability occurs during specific race conditions in socket teardown.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 223f3c51ab163852dd4819d357dcf33039929434, 2486ab434b2c2a14e9237296db00b1e1b7ae3273, 94c6ac22abcdede72bfaa0f4c22fb370891f4002, ac3ecb7760c750c8e4fc09c719241d8e6e88028c, cb6f141ae705af0101e819065a79e6d029f6e393

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable BPF sockmap

linux

Disable the vulnerable BPF sockmap functionality if not required

echo 0 > /proc/sys/net/core/bpf_jit_enable
Remove or disable BPF programs using sockmap

🧯 If You Can't Patch

Restrict local user access to systems using mandatory access controls (SELinux/AppArmor)
Monitor for kernel panic logs and restrict BPF functionality to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if BPF sockmap is enabled: uname -r and check /proc/sys/net/core/bpf_jit_enable

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and contains the fix commits: grep -q '223f3c51ab163852dd4819d357dcf33039929434' /proc/version_signature || echo 'Check kernel source'

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
WARNING: CPU: 0 PID: at net/ipv4/af_inet.c:155 inet_sock_destruct
Double free detected in kernel logs

Network Indicators:

None - local vulnerability

SIEM Query:

source="kernel" AND ("inet_sock_destruct" OR "double free" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2022-49205

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.05% exploit probability (16.4th percentile)

Published: February 26, 2025

Last Updated: September 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49205, you might also want to check these: