CVE-2022-49384
📋 TL;DR
This CVE describes a double-free vulnerability in the Linux kernel's md (multiple device) subsystem. When exploited, it can cause kernel memory corruption leading to system crashes or potential privilege escalation. Systems running vulnerable Linux kernel versions with md functionality are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to root via kernel memory corruption.
Likely Case
System instability, kernel crashes, or denial of service when md operations are performed.
If Mitigated
Minimal impact if md functionality is not used or system is properly patched.
🎯 Exploit Status
Requires local access and ability to trigger md operations. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 36a2fc44c574a59ee3b5e2cb327182f227b2b07e, 42b805af102471f53e3c7867b8c2b502ea4eef7e, ea7d7bd90079d96f9c86bdaf0b106e0cd2a70661, f99d5b5dc8a42c807b5f1176b925aa45d61962ab
Vendor Advisory: https://git.kernel.org/stable/c/36a2fc44c574a59ee3b5e2cb327182f227b2b07e
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable md functionality
Linux: Remove or blacklist the md kernel module to prevent vulnerability exploitation. Note that rmmod fails if md is built into the kernel or if an md array is still in use.
echo 'blacklist md_mod' > /etc/modprobe.d/blacklist-md.conf
rmmod md_mod
🧯 If You Can't Patch
- Restrict local user access to systems using md functionality
- Monitor system logs for kernel panic or md-related errors
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if md module is loaded: lsmod | grep md_mod
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits and that md operations work without crashes.
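The `lsmod | grep md_mod` check above misses kernels where md is built in rather than loaded as a module, and the `rmmod` workaround cannot succeed while an array is assembled. The script below is an added example, not part of the advisory or of any vendor tooling. It classifies a host by reading `/proc/modules`, `/sys/module/md_mod` and `/proc/mdstat`; the function names, the optional root-directory argument and the fixture contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify md exposure on a host. Not from the advisory.
# The optional first argument is a hypothetical root prefix (default: the
# live system) so the check can run against a captured /proc and /sys tree.

md_exposure() {
    root="${1:-}"
    modules="$root/proc/modules"
    mdstat="$root/proc/mdstat"

    # lsmod reads /proc/modules, which lists loadable modules only.
    if [ -r "$modules" ] && grep -q '^md_mod ' "$modules"; then
        how=module
    # A built-in md driver never shows in lsmod but still exposes these.
    elif [ -d "$root/sys/module/md_mod" ] || [ -e "$mdstat" ]; then
        how=builtin
    else
        echo absent
        return 0
    fi

    # Any assembled array (active or inactive) means md is in use.
    if [ -r "$mdstat" ] && grep -Eq '^md[^ ]* : ' "$mdstat"; then
        echo "$how-in-use"
    else
        echo "$how-idle"
    fi
}

# Constructed fixture: md built in, one RAID1 array assembled.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/proc" "$dir/sys/module/md_mod"
    printf 'ext4 1 1 - Live 0x0\n' > "$dir/proc/modules"
    printf 'Personalities : [raid1]\nmd0 : active raid1 sdb1[1] sda1[0]\nunused devices: <none>\n' \
        > "$dir/proc/mdstat"
    echo "$dir"
}

fixture=$(make_fixture)
echo "fixture:   $(md_exposure "$fixture")"
echo "this host: $(md_exposure)"
rm -rf "$fixture"
```

A result of `builtin-*` means the blacklist workaround has no effect and only a patched kernel removes the exposure; `module-in-use` means the arrays must be stopped before `rmmod md_mod` can succeed.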
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- md-related error messages in dmesg
- System crash reports
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for 'kernel panic' or 'md' error messages in system logs