CVE-2022-49279
📋 TL;DR
This CVE describes an integer overflow vulnerability in the Linux kernel's NFSD (Network File System Daemon) that affects 32-bit systems. When processing certain operations, a multiplication operation can overflow, potentially leading to memory corruption. Systems running 32-bit Linux kernels with NFSD enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Integer overflow could lead to kernel memory corruption, potentially causing system crashes (kernel panic) or allowing local privilege escalation to root.
Likely Case
System instability or crashes when processing specific NFS operations on affected 32-bit systems.
If Mitigated
Minimal impact if NFSD is disabled or systems are patched; isolated to NFS service disruptions.
🎯 Exploit Status
Exploitation requires access to NFS service and knowledge of triggering conditions; no public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 23a9dbbe0faf124fc4c139615633b9d12a3a89ef, 303cd6173dce0a28d26526c77814eb90a41bd898, 3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8, 79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c, 7af164fa2f1abc577d357d22d83a2f3490875d7e
Vendor Advisory: https://git.kernel.org/stable/c/23a9dbbe0faf124fc4c139615633b9d12a3a89ef
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable NFSD service
linuxIf NFS sharing is not required, disable the NFS server daemon to eliminate attack surface.
systemctl stop nfs-server
systemctl disable nfs-server
Restrict NFS access
linuxLimit NFS access to trusted networks and clients only using firewall rules.
iptables -A INPUT -p tcp --dport 2049 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j DROP
🧯 If You Can't Patch
- Migrate from 32-bit to 64-bit Linux kernel if hardware supports it
- Disable NFSD service entirely if not required for operations
🔍 How to Verify
Check if Vulnerable:
Check if running 32-bit kernel with NFSD enabled: 'uname -m' returns i686/i386 and 'systemctl is-active nfs-server' returns activeCheck Version:
uname -rVerify Fix Applied:
Check kernel version includes patched commits: 'uname -r' and verify with distribution's security advisories📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs in /var/log/messages or dmesg
- NFSD crash/restart events in system logs
Network Indicators:
- Unusual NFS traffic patterns from untrusted sources
SIEM Query:
source="kernel" AND "panic" OR source="nfsd" AND "segfault" OR "crash"🔗 References
- https://git.kernel.org/stable/c/23a9dbbe0faf124fc4c139615633b9d12a3a89ef
- https://git.kernel.org/stable/c/303cd6173dce0a28d26526c77814eb90a41bd898
- https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8
- https://git.kernel.org/stable/c/79b1c54fc6ce09ee0d5fe088bb3de26ae2150e3c
- https://git.kernel.org/stable/c/7af164fa2f1abc577d357d22d83a2f3490875d7e
- https://git.kernel.org/stable/c/ce1aa09cc14ed625104acc2d487bd92b9a88efe2
- https://git.kernel.org/stable/c/e4195d27306ea468a6dc3a27af6f586709951229
