CVE-2022-49407
📋 TL;DR
CVE-2022-49407 is a memory corruption vulnerability in the Linux kernel's Distributed Lock Manager (DLM) component where improper casting between data structures leads to an out-of-bounds read. It affects Linux systems using DLM for cluster file system locking, potentially allowing local attackers to read kernel memory or cause denial of service. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level access, information disclosure of sensitive kernel memory, or system crash leading to denial of service.
Likely Case
Kernel panic or system crash causing denial of service, potentially disrupting clustered file systems and applications relying on DLM.
If Mitigated
Limited impact if DLM is not used or proper access controls prevent local exploitation.
🎯 Exploit Status
Exploitation requires local access and knowledge of DLM operations. The KASAN report shows the exact code path but crafting a reliable exploit requires understanding of DLM internals.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2c55155cc365, 42252d0d2aa9, 49cd9eb7b9a7, 56aa8d1fbd02, 5a1765adf985
Vendor Advisory: https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable DLM module
Linux: Unload the DLM kernel module if not required for system operation
modprobe -r dlm
Blacklist DLM module
Linux: Prevent DLM module from loading at boot
echo 'blacklist dlm' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems using DLM
- Monitor for unusual DLM-related crashes or kernel panics
🔍 How to Verify
Check if Vulnerable:
Check if DLM module is loaded: lsmod | grep dlm. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and DLM module loads without errors in system logs.
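The module checks above, as an added shell example that is not part of the advisory: it matches the module name exactly (a plain `grep dlm` also hits `ocfs2_dlm`), reports whether `modprobe -r dlm` can succeed, and classifies a modprobe.d policy, since a `blacklist` line only stops alias-based autoloading and a dependent module can still pull dlm in. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Sample inputs are constructed.

# Classify DLM state from lsmod-format text on stdin.
# Prints: not-loaded | loaded-idle | loaded-in-use:<holders>
dlm_exposure() {
    awk '
        # Exact match on the name column; ocfs2_dlm is a separate module.
        $1 == "dlm" { found = 1; refs = $3 + 0; holders = $4 }
        END {
            if (!found)         print "not-loaded"
            else if (refs == 0) print "loaded-idle"
            else print "loaded-in-use:" (holders == "" ? "non-module" : holders)
        }'
}

# Classify modprobe.d-format text on stdin.
# Prints: none | blacklist-only | install-blocked
dlm_modprobe_policy() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        $1 == "blacklist" && $2 == "dlm" { bl = 1 }
        # An install rule makes modprobe run the given command instead of
        # loading the module, which also covers dependency-driven loads.
        $1 == "install" && $2 == "dlm" && $3 ~ /\/(false|true)$/ { inst = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklist-only" : "none")) }'
}

# Constructed lsmod output: dlm is held by gfs2, so "modprobe -r dlm" fails
# until the dependent module is unloaded first.
SAMPLE_LSMOD='Module                  Size  Used by
gfs2                  999424  2
dlm                   204800  1 gfs2
ocfs2_dlm             245760  0'

printf '%s\n' "$SAMPLE_LSMOD" | dlm_exposure            # loaded-in-use:gfs2
printf 'blacklist dlm\n' | dlm_modprobe_policy          # blacklist-only
```

On a real host, pipe `lsmod` into `dlm_exposure` and `cat /etc/modprobe.d/*.conf` into `dlm_modprobe_policy`.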
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports mentioning dlm or plock
- System crashes during file locking operations
Network Indicators:
- None - purely local exploitation
SIEM Query:
source="kernel" AND ("KASAN" OR "dlm" OR "plock") AND ("slab-out-of-bounds" OR "panic")
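A narrower form of the SIEM query above, as an added shell example that is not part of the advisory: the query as written matches any KASAN slab-out-of-bounds report, so this filter keeps a report only when dlm or plock appears in its headline or body. The function name, the 40-line cap and the sample log (with placeholder symbol names) are constructed, and the filter relies on KASAN delimiting each report with a line of '=' characters.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin and
# prints the headline of each KASAN slab-out-of-bounds report that mentions
# dlm or plock anywhere between the headline and the closing delimiter.
# $1 = maximum report length in lines, for logs with a lost delimiter.
dlm_kasan_hits() {
    awk -v max="${1:-40}" '
        # Headline opens a report window and is remembered for output.
        /BUG: KASAN: slab-out-of-bounds/ { head = $0; active = 1; n = 0 }
        # Headline or a later report line names dlm/plock: emit once, close.
        active && /dlm|plock/ { print head; active = 0 }
        # Close the window at the "=====" delimiter or after max lines.
        active && (++n > max + 0 || /==========/) { active = 0 }'
}

# Constructed kernel log. Report 1 is unrelated to DLM, the middle line is
# routine DLM chatter outside any report, report 2 has dlm in its call trace.
SAMPLE_KLOG='==================================================================
BUG: KASAN: slab-out-of-bounds in example_fn_a+0x10/0x20 [examplefs]
Call Trace:
 example_fn_b+0x5/0x10 [examplefs]
==================================================================
dlm: example_ls: joining the lockspace group
==================================================================
BUG: KASAN: slab-out-of-bounds in example_fn_c+0x10/0x20
Call Trace:
 example_plock_fn+0x8/0x30 [dlm]
=================================================================='

# Prints only the headline of report 2.
printf '%s\n' "$SAMPLE_KLOG" | dlm_kasan_hits
```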
🔗 References
- https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33
- https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019
- https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d
- https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc
- https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee
- https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155
- https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec
- https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92
- https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7