CVE-2022-49368
📋 TL;DR
This vulnerability allows an attacker with local user access to trigger an out-of-bounds read in the MediaTek Ethernet driver in the Linux kernel. It affects systems using MediaTek Ethernet hardware with Hardware LRO (Large Receive Offload) enabled. The vulnerability could lead to information disclosure or system instability.
💻 Affected Systems
- Linux kernel with MediaTek Ethernet driver (mtk_eth_soc)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to privilege escalation or system crash, potentially allowing attackers to bypass security boundaries.
Likely Case
Information disclosure of kernel memory contents or denial of service through system instability/crash.
If Mitigated
Limited impact due to requirement of local user access and specific hardware configuration.
🎯 Exploit Status
Exploitation requires local user access and knowledge of the vulnerable interface. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 0b238f75b65e, 2bd1faedb74d, 4cde554c70d7, 5ba81f82607e, or 657e7174603f
Vendor Advisory: https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable Hardware LRO
allDisable the Hardware Large Receive Offload feature that contains the vulnerable code path
ethtool -K <interface> lro off
🧯 If You Can't Patch
- Restrict local user access to systems with MediaTek Ethernet hardware
- Implement strict access controls and monitoring for systems that cannot be patched
🔍 How to Verify
Check if Vulnerable:
Check if system uses MediaTek Ethernet hardware and has kernel version before fix commits: 'uname -r' and 'lspci | grep -i mediatek'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: 'uname -r' and check kernel changelog for commit hashes📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages, system crashes, unusual ethtool command usage
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic logs or ethtool command execution from unauthorized users🔗 References
- https://git.kernel.org/stable/c/0b238f75b65ed4462ef4cdfa718cac0ac7fce3b8
- https://git.kernel.org/stable/c/2bd1faedb74dc2a2be3972abcd4239b75a3e7b00
- https://git.kernel.org/stable/c/4cde554c70d7397cfa2e4116bacb4accdfb6fd48
- https://git.kernel.org/stable/c/5ba81f82607ead85fe36f50869fc4f5661359ab8
- https://git.kernel.org/stable/c/657e7174603f0aab2cdedc64ac81edffd2a87afe
- https://git.kernel.org/stable/c/71ae30662ec610b92644d13f79c78f76f17873b3
- https://git.kernel.org/stable/c/b24ca1cf846273361d5bd73a35de95a486a54b6d
- https://git.kernel.org/stable/c/b4f0e57ea0d867aacffad7999527e48bd4ea9293
- https://git.kernel.org/stable/c/e7e7104e2d5ddf3806a28695670f21bef471f1e1
