CVE-2022-49395
📋 TL;DR
This is an out-of-bounds read vulnerability in the Linux kernel's User Mode Linux (UML) subsystem. It occurs when setting up Local Descriptor Table (LDT) entries due to incorrect parameter handling in syscall_stub_data(), potentially allowing kernel memory disclosure. Only systems running User Mode Linux are affected.
💻 Affected Systems
- Linux kernel with User Mode Linux (UML) support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to information leakage, which could be chained with other vulnerabilities for privilege escalation or system compromise.
Likely Case
Kernel crash or denial of service due to invalid memory access, potentially causing system instability.
If Mitigated
No impact if UML is not used or the system is patched.
🎯 Exploit Status
Exploitation requires UML environment and knowledge of kernel internals. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/10995a382271254bd276627ec74136da4a23c4a6
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable UML
All platforms: Disable User Mode Linux support in kernel configuration
Ensure CONFIG_UML is not set in kernel configuration
🧯 If You Can't Patch
- Disable UML kernel module if loaded
- Avoid using User Mode Linux environments
🔍 How to Verify
Check if Vulnerable:
Check if UML is enabled and kernel version is before fix. Run: grep CONFIG_UML /boot/config-$(uname -r) && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is after fix commits and UML is either disabled or patched
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN stack-out-of-bounds reports in dmesg
- UML process crashes
Network Indicators:
- None specific - local vulnerability
SIEM Query:
Search for 'KASAN: stack-out-of-bounds' or 'syscall_stub_data' in kernel logs
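A KASAN stack-out-of-bounds report on its own is generic, so a search is more useful when it ties each report to syscall_stub_data. The script below is an added example, not part of the original advisory or the kernel project: it reads kernel log text on stdin and classifies each report. The names classify_kasan_reports and sample_log are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: triage kernel log text for the indicators listed above.
# classify_kasan_reports [WINDOW] reads log lines on stdin and prints
# "<line-number> <verdict>" for every KASAN stack-out-of-bounds report:
#   match   - syscall_stub_data is in the report header or in the
#             WINDOW lines that follow it (default 20)
#   generic - a stack-out-of-bounds report with no such reference
classify_kasan_reports() {
    awk -v window="${1:-20}" '
        function emit() { if (start) print start, (hit ? "match" : "generic") }
        /KASAN: stack-out-of-bounds/ {
            emit()                      # close the previous report
            start = NR; hit = 0; left = window
            if (/syscall_stub_data/) hit = 1
            next
        }
        start && left > 0 {             # still inside the report body
            left--
            if (/syscall_stub_data/) hit = 1
        }
        END { emit() }
    '
}

# Constructed sample input (not captured from a real system).
sample_log() {
cat <<'EOF'
[    0.512000] BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x10/0x20
[    0.512100] Read of size 128 at addr 0000000060001000 by task swapper/1
[    0.512200] Call Trace:
[    0.512300]  example_ldt_setup+0x10/0x20
[   12.100000] BUG: KASAN: stack-out-of-bounds in example_driver_probe+0x10/0x20
[   12.100100] Read of size 8 at addr 0000000060002000 by task modprobe/77
[   40.000000] Kernel panic - not syncing: Attempted to kill init!
[   55.000000] BUG: KASAN: stack-out-of-bounds in memcpy+0x10/0x20
[   55.000100] Call Trace:
[   55.000200]  syscall_stub_data+0x10/0x20
EOF
}

# Demo on the constructed sample; on a live system pipe in dmesg instead.
sample_log | classify_kasan_reports
```

On a UML guest, `dmesg | classify_kasan_reports` gives the same output format; lines marked `match` are the ones worth escalating for this CVE.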
🔗 References
- https://git.kernel.org/stable/c/10995a382271254bd276627ec74136da4a23c4a6
- https://git.kernel.org/stable/c/24ca648bf5f72ed8878cf09b5d4431935779681e
- https://git.kernel.org/stable/c/2a4a62a14be1947fa945c5c11ebf67326381a568
- https://git.kernel.org/stable/c/3549ab4b962cf619e8c55484a0d870a34b3f845f
- https://git.kernel.org/stable/c/668ca34a428d6ffc0f99a1a6a9b661a288d4183b
- https://git.kernel.org/stable/c/91e5ba2af2d729d5126aefd5aa3eadc69b8426e5
- https://git.kernel.org/stable/c/9caad70819aef3431abaf73ba5163b55b161aba0
- https://git.kernel.org/stable/c/cf0dabc37446c5ee538ae7b4c467ab0e53fa5463
- https://git.kernel.org/stable/c/ef1dc929a1e5fa1b2d842256db9fb8710d3be910