CVE-2022-49337
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's OCFS2 distributed lock manager filesystem (dlmfs). When user_dlm_destroy_lock fails during file unlink operations, it doesn't properly clean up flags, potentially leaving dangling references that can cause kernel panics when accessed later. This affects systems using OCFS2 cluster filesystems.
💻 Affected Systems
- Linux kernel with OCFS2 support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially affecting entire clusters using OCFS2.
Likely Case
System instability or crash when specific OCFS2 file operations fail during lock cleanup.
If Mitigated
Minimal impact if OCFS2 is not used or if vulnerable operations are avoided.
🎯 Exploit Status
Requires local user access and specific OCFS2 file operations to trigger. Not trivial to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel releases via commits: 02480e2e82ae0e5588374bbbcf4fa6e4959fa174, 1434cd71ad9f3a6beda3036972983b6c4869207c, 2c5e26a626fe46675bceba853e12aaf13c712e10, 337e36550788dbe03254f0593a231c1c4873b20d, 733a35c00ef363a1c774d7ea486e0735b7c13a15
Vendor Advisory: https://git.kernel.org/stable/c/02480e2e82ae0e5588374bbbcf4fa6e4959fa174
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable OCFS2 module
linuxPrevent loading of OCFS2 kernel module if not needed
echo 'install ocfs2 /bin/true' >> /etc/modprobe.d/ocfs2.conf
rmmod ocfs2
Avoid OCFS2 filesystem use
linuxDo not mount or use OCFS2 filesystems until patched
umount /path/to/ocfs2/mount
comment out OCFS2 entries in /etc/fstab
🧯 If You Can't Patch
- Restrict user access to systems using OCFS2 filesystems
- Monitor for OCFS2-related kernel panics and implement failover procedures
🔍 How to Verify
Check if Vulnerable:
Check if OCFS2 module is loaded: lsmod | grep ocfs2. Check kernel version against patched releases.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test OCFS2 file operations that previously caused issues.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'ocfs2' or 'dlmfs'
- Error messages about user_dlm_destroy_lock failures
- System crashes during file unlink operations on OCFS2
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("ocfs2" OR "dlmfs" OR "panic" OR "BUG")🔗 References
- https://git.kernel.org/stable/c/02480e2e82ae0e5588374bbbcf4fa6e4959fa174
- https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c
- https://git.kernel.org/stable/c/2c5e26a626fe46675bceba853e12aaf13c712e10
- https://git.kernel.org/stable/c/337e36550788dbe03254f0593a231c1c4873b20d
- https://git.kernel.org/stable/c/733a35c00ef363a1c774d7ea486e0735b7c13a15
- https://git.kernel.org/stable/c/82bf8e7271fade40184177cb406203addc34c4a0
- https://git.kernel.org/stable/c/863e0d81b6683c4cbc588ad831f560c90e494bef
- https://git.kernel.org/stable/c/9c96238fac045b289993d7bc5aae7b2d72b25c76
- https://git.kernel.org/stable/c/efb54ec548829e1d3605f0434526f86e345b1b28
