CVE-2022-49295
📋 TL;DR
A race condition vulnerability in the Linux kernel's NBD (Network Block Device) driver that can cause a NULL pointer dereference when the nbd module is being unloaded while netlink commands are being processed. This affects Linux systems using the NBD module, potentially causing kernel crashes or denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot the system.
Likely Case
System crash or kernel oops when NBD module is unloaded while NBD clients are active, causing temporary service disruption.
If Mitigated
No impact if NBD module is not loaded or not in use, or if proper patching has been applied.
🎯 Exploit Status
Exploitation requires race condition timing and NBD module usage. No public exploits known as of knowledge cutoff.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing commits: 013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c, 06c4da89c24e7023ea448cadf8e9daf06a0aae6e, 1be608e1ee1f222464b2856bda9b85ab5184a33e, 3d5da1ffba3388c2ae2e6c598855a4d887d3bf79, 6f505bbb8063fd3a238a4239d2d8c165e5279f6f
Vendor Advisory: https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify nbd module is not loaded if not needed.
🔧 Temporary Workarounds
Unload NBD module if not needed
linuxRemove the nbd kernel module to eliminate the vulnerability surface
sudo rmmod nbd
Blacklist NBD module
linuxPrevent nbd module from being loaded automatically
echo 'blacklist nbd' | sudo tee /etc/modprobe.d/blacklist-nbd.conf
sudo update-initramfs -u
🧯 If You Can't Patch
- Ensure NBD module is not loaded unless absolutely required
- Monitor system logs for kernel oops or crashes related to NBD operations
🔍 How to Verify
Check if Vulnerable:
Check if nbd module is loaded: lsmod | grep nbd. If loaded and kernel version is unpatched, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions from your distribution. Verify nbd module can be safely unloaded/reloaded.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning nbd, down_write, or NULL pointer dereference at address 0000000000000098
- System crash logs when NBD operations are in progress
Network Indicators:
- Unexpected disconnections of NBD clients
- Failed NBD mount operations
SIEM Query:
source="kernel" AND ("nbd" OR "NULL pointer dereference" OR "Oops")🔗 References
- https://git.kernel.org/stable/c/013a79f1b5c89290e2e97f1ebf14b14e0cf5fe5c
- https://git.kernel.org/stable/c/06c4da89c24e7023ea448cadf8e9daf06a0aae6e
- https://git.kernel.org/stable/c/1be608e1ee1f222464b2856bda9b85ab5184a33e
- https://git.kernel.org/stable/c/3d5da1ffba3388c2ae2e6c598855a4d887d3bf79
- https://git.kernel.org/stable/c/6f505bbb8063fd3a238a4239d2d8c165e5279f6f
- https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25
- https://git.kernel.org/stable/c/c0868f6e728c3c28bef0e8bee89d2daf86a8bbca
- https://git.kernel.org/stable/c/cbeafa7a79d08ecdb55f8f1d41a11323d0f709db
