CVE-2022-49356
📋 TL;DR
This CVE addresses a buffer overflow vulnerability in the Linux kernel's SUNRPC RDMA implementation. An attacker could trigger memory corruption by sending specially crafted RDMA Write chunks, potentially leading to system crashes or arbitrary code execution. This affects Linux systems using RDMA (Remote Direct Memory Access) with the SUNRPC subsystem.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, denial of service, or potential arbitrary code execution with kernel privileges leading to complete system compromise.
Likely Case
System crash or kernel panic causing denial of service, requiring system reboot.
If Mitigated
No impact if RDMA is disabled or proper network segmentation prevents access to vulnerable services.
🎯 Exploit Status
Exploitation requires network access to RDMA services and knowledge of RDMA protocol specifics. The vulnerability was discovered through KASAN testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 659f7568e09593945c221bf20217a82ebdfe1328, 812c13521d4a72469c78ce06d8cdc8dc5b5557b5, ea26bf5eca1459b5a7824997d7823409ce38214e, f012e95b377c73c0283f009823c633104dedb337
Vendor Advisory: https://git.kernel.org/stable/c/659f7568e09593945c221bf20217a82ebdfe1328
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable RDMA
linuxDisable RDMA support if not required
modprobe -r rdma_cm
modprobe -r ib_core
echo 'blacklist rdma_cm' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist ib_core' >> /etc/modprobe.d/blacklist.conf
Disable SUNRPC RDMA
linuxDisable SUNRPC RDMA module specifically
modprobe -r svcrdma
echo 'blacklist svcrdma' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Implement network segmentation to isolate RDMA traffic
- Use firewall rules to restrict access to RDMA ports (typically 20049)
🔍 How to Verify
Check if Vulnerable:
Check if RDMA modules are loaded: lsmod | grep -E 'rdma|svcrdma' and check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version contains fix commits and RDMA modules are either updated or disabled📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN error reports in dmesg
- System crash/reboot logs
Network Indicators:
- Unusual RDMA traffic patterns
- Connection attempts to RDMA ports
SIEM Query:
source="kernel" AND ("panic" OR "KASAN" OR "svc_rdma")