CVE-2022-49349
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's ext4 filesystem driver that occurs during directory rename operations. Attackers with local access can trigger memory corruption leading to system crashes or potential privilege escalation. It affects Linux systems using ext4 filesystems.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation allowing attackers to gain root access and execute arbitrary code.
Likely Case
System crash or kernel panic causing denial of service, potentially requiring physical or remote console access to reboot.
If Mitigated
System crash with automatic reboot if configured, but no persistent compromise if proper isolation exists.
🎯 Exploit Status
Requires local access and ability to trigger specific directory operations. The vulnerability is in filesystem driver code, making exploitation non-trivial but possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0be698ecbe4471fcad80e81ec6a05001421041b3 or later
Vendor Advisory: https://git.kernel.org/stable/c/0be698ecbe4471fcad80e81ec6a05001421041b3
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. For custom kernels, apply the ext4 fix commit. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ext4 filesystem usage
allUse alternative filesystems like XFS or Btrfs instead of ext4
# Not practical for existing systems, only for new deployments
Restrict directory operations
allLimit user permissions for directory rename operations
# Use filesystem ACLs or SELinux/AppArmor policies to restrict rename operations
🧯 If You Can't Patch
- Implement strict access controls to limit who can perform directory operations
- Monitor for system crashes and implement automated recovery procedures
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ext4 is in use: 'uname -r' and 'mount | grep ext4'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check for the specific commit in kernel source: 'grep -r "ext4_rename_dir_prepare" /usr/src/linux'📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- KASAN use-after-free reports
- EXT4-fs error messages
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for: 'KASAN: use-after-free in ext4_rename_dir_prepare' OR 'EXT4-fs error' OR 'kernel panic'🔗 References
- https://git.kernel.org/stable/c/0be698ecbe4471fcad80e81ec6a05001421041b3
- https://git.kernel.org/stable/c/0ff38b99fa075ddd246487a28cb9af049f4ceef1
- https://git.kernel.org/stable/c/10801095224de0d0ab06ae60698680c1f883a3ae
- https://git.kernel.org/stable/c/1a3a15bf6f9963d755270cbdb282863b84839195
- https://git.kernel.org/stable/c/364380c00912bed9b5d99eb485018360b0ecf64f
- https://git.kernel.org/stable/c/4a2bea60cf7ff957b3eda0b17750d483876a02fa
- https://git.kernel.org/stable/c/97f802a652a749422dede32071d29a53cf4bd034
- https://git.kernel.org/stable/c/dd887f83ea54aea5b780a84527e23ab95f777fed
- https://git.kernel.org/stable/c/eaecf7ebfd5dd09038a80b14be46b844f54cfc5c
