CVE-2022-49347
📋 TL;DR
A race condition in the Linux kernel's ext4 filesystem that can trigger a kernel BUG/panic (denial of service) when inline data is converted under delayed allocation (delalloc) mode. It affects Linux systems using ext4 filesystems with the inline_data feature enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss.
Likely Case
System crash requiring reboot, causing temporary service disruption.
If Mitigated
No impact if patched or workarounds applied.
🎯 Exploit Status
Exploitation requires local access and a specific sequence of filesystem operations with precise timing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from stable commits: 013f12bdedb96816aaa27ee04349f4433d361f52, 18a759f7f99f0b65a08ff5b7e745fc405a42bde4, 19918ec7717d87d5ab825884a46b26b21375d7ce, 1b061af037646c9cdb0afd8a8d2f1e1c06285866, 1cde35417edc0370fb0179a4e38b78a15350a8d0
Vendor Advisory: https://git.kernel.org/stable/c/013f12bdedb96816aaa27ee04349f4433d361f52
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable ext4 inline data feature
Mount ext4 filesystems with the 'noinline_data' option to disable the inline data feature:
mount -o remount,noinline_data /mount/point
Add 'noinline_data' to the /etc/fstab mount options.
Caveat: inline_data is an ext4 superblock feature set at filesystem creation (listed under "Filesystem features:" by tune2fs -l), and ext4 does not parse an inline_data/noinline_data mount option, so the kernel rejects this remount as an unknown option. Treat patching as the only reliable fix.
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor system logs for ext4 filesystem errors and kernel panics
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether any mounted ext4 filesystem has the inline_data feature. inline_data is a superblock feature, so it does not appear in /proc/mounts; read it from the device with tune2fs:
uname -r; for d in $(awk '$3 == "ext4" { print $1 }' /proc/mounts); do tune2fs -l "$d" 2>/dev/null | grep -qw inline_data && echo "$d: inline_data enabled"; done
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel (uname -r) is a version containing one of the fix commits listed above, and check dmesg for the absence of the ext4 error messages listed under Log Indicators below.
📡 Detection & Monitoring
Log Indicators:
- kernel: BUG at fs/ext4/inode.c:2708
- EXT4-fs error: ext4_mb_generate_buddy
- kernel panic related to ext4_writepages
Network Indicators:
- None - local filesystem issue
SIEM Query:
source="kernel" AND ("ext4_writepages" OR "ext4_mb_generate_buddy" OR "BUG at fs/ext4/inode.c")
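As an added example (not part of this advisory), the following POSIX shell helpers implement the "How to Verify" and "Detection & Monitoring" steps above: listing ext4 mounts, checking a tune2fs listing for the inline_data feature, and counting log lines that carry the listed indicators. The inputs are passed as text so the functions run on the constructed samples below; on a live host they take /proc/mounts, `tune2fs -l <dev>` and dmesg output.

```shell
#!/bin/sh
# Added example, not part of the advisory: helpers for the verification and
# detection steps. Functions take text so they run offline on constructed data.

# Print "device mountpoint" for each ext4 mount in a /proc/mounts-style table.
ext4_mounts() {
    printf '%s\n' "$1" | awk '$3 == "ext4" { print $1, $2 }'
}

# Exit 0 if a "tune2fs -l" listing has inline_data under "Filesystem features:".
# inline_data is a superblock feature, so it never shows up in /proc/mounts.
has_inline_data() {
    printf '%s\n' "$1" | grep '^Filesystem features:' | grep -qw 'inline_data'
}

# Count kernel log lines carrying the indicators listed in this advisory.
scan_kernel_log() {
    printf '%s\n' "$1" \
      | grep -Ec 'BUG at fs/ext4/inode\.c|ext4_mb_generate_buddy|ext4_writepages' \
      || true   # grep -c prints 0 but exits 1 on no match; keep the 0
}

# Constructed samples (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data ext4 rw,relatime,nodelalloc 0 0
/dev/sdc1 /scratch xfs rw,relatime 0 0'
SAMPLE_FEATURES_INLINE='Filesystem features:      has_journal ext_attr dir_index filetype extent 64bit flex_bg inline_data sparse_super large_file huge_file dir_nlink extra_isize metadata_csum'
SAMPLE_FEATURES_PLAIN='Filesystem features:      has_journal ext_attr dir_index filetype extent 64bit flex_bg sparse_super large_file huge_file dir_nlink extra_isize metadata_csum'
SAMPLE_LOG='Jun  1 10:00:01 host kernel: BUG at fs/ext4/inode.c:2708
Jun  1 10:00:01 host kernel: Call Trace: ext4_writepages+0x1a2/0xb40
Jun  1 10:00:02 host sshd[1234]: Accepted publickey for admin'

# Stand-alone run on the samples.
ext4_mounts "$SAMPLE_MOUNTS" | while read -r dev mnt; do
    echo "ext4 mount: $mnt on $dev"
done
has_inline_data "$SAMPLE_FEATURES_INLINE" && echo "inline_data enabled on sample fs"
echo "indicator hits in sample log: $(scan_kernel_log "$SAMPLE_LOG")"

# Live variant (needs root for tune2fs); uncomment on a real host:
# ext4_mounts "$(cat /proc/mounts)" | while read -r dev mnt; do
#     has_inline_data "$(tune2fs -l "$dev" 2>/dev/null)" && echo "$mnt ($dev): inline_data"
# done
# echo "indicator hits in dmesg: $(scan_kernel_log "$(dmesg)")"
```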
🔗 References
- https://git.kernel.org/stable/c/013f12bdedb96816aaa27ee04349f4433d361f52
- https://git.kernel.org/stable/c/18a759f7f99f0b65a08ff5b7e745fc405a42bde4
- https://git.kernel.org/stable/c/19918ec7717d87d5ab825884a46b26b21375d7ce
- https://git.kernel.org/stable/c/1b061af037646c9cdb0afd8a8d2f1e1c06285866
- https://git.kernel.org/stable/c/1cde35417edc0370fb0179a4e38b78a15350a8d0
- https://git.kernel.org/stable/c/73fd5b19285197078ee8a2e651d75d5b094a4de9
- https://git.kernel.org/stable/c/b2b78f5bf2d453dda3903955efee059260787a42
- https://git.kernel.org/stable/c/de1732b5c1693ad489c5d254f124f67cb775f37d
- https://git.kernel.org/stable/c/ef09ed5d37b84d18562b30cf7253e57062d0db05