CVE-2022-49331

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem, specifically in the st21nfca driver's EVT_TRANSACTION handling. When processing NFC transactions, error paths fail to free previously allocated memory, leading to resource exhaustion over time. This affects Linux systems using the st21nfca NFC driver, primarily embedded devices and IoT systems with NFC capabilities.
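The bug class described above, shown as an added example that is not the kernel's driver code: a simplified userspace model in which a transaction buffer is allocated before the event is fully validated. The TLV layout, `handle_evt`, `leaked_after` and the allocation counter are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed event layout for this model: AID_TAG len AID.. PARAMS_TAG len PARAMS.. */
#define AID_TAG    0x81
#define PARAMS_TAG 0x82
struct transaction {
    uint8_t aid_len, params_len, aid[16];
    uint8_t params[];              /* sized per event */
};

static int live_allocs;            /* outstanding buffers, makes the leak visible */
static void *t_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }

/* fixed == 0 keeps the leaky error path; fixed == 1 frees the buffer on failure. */
static struct transaction *handle_evt(const uint8_t *d, size_t len, int fixed)
{
    struct transaction *t;
    size_t aid_len;
    if (len < 4 || d[0] != AID_TAG || d[1] > sizeof(t->aid) || len < d[1] + 4u)
        return NULL;               /* rejected before anything is allocated */
    aid_len = d[1];
    t = t_alloc(sizeof(*t) + (len - aid_len - 4));
    if (!t) return NULL;
    t->aid_len = (uint8_t)aid_len;
    memcpy(t->aid, d + 2, aid_len);
    /* Validation that runs after the allocation: the error path in question. */
    if (d[aid_len + 2] != PARAMS_TAG || d[aid_len + 3] > len - aid_len - 4)
        goto fail;
    t->params_len = d[aid_len + 3];
    memcpy(t->params, d + aid_len + 4, t->params_len);
    return t;                      /* caller owns the buffer and must t_free() it */
fail:
    if (fixed)
        t_free(t);                 /* the cleanup the leaky path omits */
    return NULL;
}

/* Feed n malformed events (constructed sample, wrong params tag); return leaked buffers. */
static int leaked_after(int n, int fixed)
{
    static const uint8_t bad[] = { AID_TAG, 2, 0xA0, 0x00, 0x7F, 1, 0x55 };
    int before = live_allocs;
    for (int i = 0; i < n; i++)
        handle_evt(bad, sizeof(bad), fixed);
    return live_allocs - before;
}
int main(void) { return leaked_after(1000, 1) != 0; } /* exit 0: fixed path leaks nothing */
```

With `fixed == 0`, every malformed event leaves one buffer allocated, which is the slow growth the impact section describes.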

💻 Affected Systems

Products:
  • Linux kernel with st21nfca NFC driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with st21nfca NFC hardware/driver enabled. Most desktop/server systems are unaffected unless specifically using this NFC chipset.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠 Likely Case: Gradual memory consumption leading to degraded system performance over time, particularly on resource-constrained devices.

🟢 If Mitigated: Minimal impact with proper monitoring and memory management controls in place.

🌐 Internet-Facing: LOW - Requires physical proximity for NFC interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could affect NFC-enabled devices in enterprise environments, but requires physical access or malicious NFC tags.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical access to trigger NFC transactions with malicious tags or devices. No remote exploitation possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 3eca2c42daa4, 54423649bc0e, 55904086041b, 593773088d61, 6fce324b530d

Vendor Advisory: https://git.kernel.org/stable/c/3eca2c42daa4659965db6817479027cbc6df7899

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable st21nfca NFC driver

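Remove or blacklist the vulnerable NFC driver if it is not needed (run as root):

# The st21nfca driver is built as two modules: st21nfca_i2c (bus glue) and st21nfca_hci (core)
printf 'blacklist st21nfca_i2c\nblacklist st21nfca_hci\n' >> /etc/modprobe.d/blacklist-nfc.conf
modprobe -r st21nfca_i2c st21nfca_hci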

Disable NFC functionality

Turn off NFC hardware at system level

rfkill block nfc

🧯 If You Can't Patch

  • Disable NFC functionality if not required
  • Implement monitoring for memory consumption and restart services if memory leaks are detected

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if st21nfca module is loaded: 'uname -r' and 'lsmod | grep st21nfca'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version is a patched one and confirm that dmesg shows no memory leak warnings related to NFC.

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages
  • Increasing memory usage in /proc/meminfo
  • dmesg warnings about memory allocation failures

Network Indicators:

  • N/A - Not network exploitable

SIEM Query:

source="kernel" AND ("out of memory" OR "memory allocation failure") AND process="nfc"
