CVE-2022-49206 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-49206?

CVE-2022-49206 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's RDMA/mlx5 driver. When the second xa_insert() operation fails during event subscription, the system fails to release allocated memory, causing a resource leak. This affects systems using RDMA with mlx5 hardware.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's RDMA/mlx5 driver. When the second xa_insert() operation fails during event subscription, the system fails to release allocated memory, causing a resource leak. This affects systems using RDMA with mlx5 hardware.

💻 Affected Systems

Products:

Linux kernel with RDMA/mlx5 driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when RDMA is enabled and mlx5 hardware/driver is in use; not all Linux systems are affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠

Likely Case

Gradual memory consumption over time leading to performance degradation and eventual system instability requiring reboot.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place; system remains functional but may require periodic maintenance.

🌐 Internet-Facing: LOW - Requires local access or specialized RDMA network access; not directly exploitable from internet.

🏢 Internal Only: MEDIUM - Affects systems using RDMA for high-performance computing, storage, or networking; requires local or network access to RDMA interfaces.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger the specific error condition in RDMA event subscription; typically requires local access or RDMA network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0174a89663a5ef83617da15bf24c0af2f62b6c7f and related stable backports

Vendor Advisory: https://git.kernel.org/stable/c/0174a89663a5ef83617da15bf24c0af2f62b6c7f

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable RDMA if not needed

linux

Disable RDMA functionality to prevent triggering the vulnerable code path

modprobe -r mlx5_ib
echo 'blacklist mlx5_ib' > /etc/modprobe.d/disable-mlx5.conf

Monitor memory usage

linux

Implement monitoring for abnormal memory consumption in RDMA processes

watch -n 60 'cat /proc/meminfo | grep -E "MemFree|MemAvailable"'
systemctl status rdma.service

🧯 If You Can't Patch

Implement strict memory limits using cgroups for RDMA-related processes
Monitor system logs for RDMA error messages and restart services if memory leaks are detected

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if RDMA/mlx5 is loaded: uname -r && lsmod | grep mlx5

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is after fix commits and test RDMA functionality remains working

📡 Detection & Monitoring

Log Indicators:

Kernel oom-killer messages
RDMA subsystem error logs
Abnormal memory consumption in /proc/meminfo

Network Indicators:

RDMA connection failures
Increased retransmissions on RDMA networks

SIEM Query:

source="kernel" AND ("oom" OR "out of memory") AND process="rdma"

📊 Metadata

CVE ID: CVE-2022-49206

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.05% exploit probability (16.1th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49206, you might also want to check these: