CVE-2022-49358

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak in the Linux kernel's netfilter nf_tables subsystem: flow rule objects that are not destroyed during a transaction commit are leaked, so repeatedly triggering the affected operations lets an attacker exhaust kernel memory over time. It affects Linux systems running a vulnerable kernel version with nf_tables in use.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when nf_tables subsystem is enabled and used. Many systems may not have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could repeatedly trigger the memory leak to exhaust system memory, leading to denial of service, system instability, or kernel crashes.

🟠

Likely Case

Memory exhaustion over time causing performance degradation and potential system instability requiring reboots.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place, though still represents resource waste.

🌐 Internet-Facing: MEDIUM - Requires ability to trigger nf_tables operations, which could be done through network traffic manipulation.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, but requires nf_tables usage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger nf_tables operations. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes available (see git.kernel.org references)

Vendor Advisory: https://git.kernel.org/stable/c/330c0c6cd2150a2d7f47af16aa590078b0d2f736

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after the reboot.

🔧 Temporary Workarounds

Disable nf_tables if not needed

Remove the nf_tables kernel module if it is not required for system functionality. Note that modprobe -r refuses to unload it while dependent modules (nft_* and the nft backend used by iptables-nft) are still loaded, and on hosts whose firewall (nftables, firewalld, or iptables with the nft backend) is built on nf_tables, unloading it drops the active ruleset. The blacklist entry only prevents automatic loading on subsequent boots.

modprobe -r nf_tables
echo 'blacklist nf_tables' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Monitor system memory usage and implement alerts for unusual memory consumption patterns
  • Restrict access to nf_tables functionality to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the nf_tables module is loaded:

lsmod | grep nf_tables

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and monitor for memory leaks after applying patch

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings
  • nf_tables related errors in dmesg

Network Indicators:

  • Unusual nf_tables rule creation patterns

SIEM Query:

source="kernel" AND ("Out of memory" OR "oom-killer" OR "nf_tables")
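As an added example (not part of the original advisory), the log indicators and memory-monitoring advice above as runnable Python detection logic: it filters constructed dmesg-style lines with the same terms as the SIEM query, parses MemAvailable from /proc/meminfo text, and flags a sustained decline across samples. The window size and drop threshold are assumptions to tune per host.

```python
import re

# Constructed sample kernel log lines (not captured from a real system); they
# mirror the page's indicators: oom-killer activity and nf_tables messages.
SAMPLE_DMESG = """\
[  120.001] nf_tables: loaded
[ 3601.512] sshd invoked oom-killer: gfp_mask=0x140cca, order=0, oom_score_adj=0
[ 3601.520] Out of memory: Killed process 1234 (java)
[ 3602.001] usb 1-1: new high-speed USB device number 2
"""

# Same terms as the SIEM query on this page.
INDICATORS = ("Out of memory", "oom-killer", "nf_tables")


def matching_lines(log_text):
    """Return the log lines that contain any of the page's indicators."""
    return [ln for ln in log_text.splitlines()
            if any(ind in ln for ind in INDICATORS)]


def parse_mem_available(meminfo_text):
    """Extract MemAvailable (kB) from /proc/meminfo-style text, or None."""
    m = re.search(r"^MemAvailable:\s+(\d+) kB", meminfo_text, re.M)
    return int(m.group(1)) if m else None


def memory_trend_alert(mem_available_kb, window=6, max_drop_ratio=0.05):
    """Alert when MemAvailable falls on every one of the last `window`
    samples and the total drop exceeds max_drop_ratio of the window's
    first sample (assumed thresholds; a slow leak looks like this)."""
    if len(mem_available_kb) < window:
        return False
    tail = mem_available_kb[-window:]
    monotone = all(b < a for a, b in zip(tail, tail[1:]))
    drop = (tail[0] - tail[-1]) / tail[0]
    return monotone and drop > max_drop_ratio


if __name__ == "__main__":
    for ln in matching_lines(SAMPLE_DMESG):
        print("indicator:", ln)
    try:
        with open("/proc/meminfo") as f:
            print("MemAvailable kB:", parse_mem_available(f.read()))
    except OSError:
        print("no /proc/meminfo on this host")
```

Sample MemAvailable at a fixed interval (for example once a minute) and feed the series to memory_trend_alert; pair an alert with lsmod output to confirm nf_tables is loaded.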
