CVE-2022-49412
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler allows local attackers to cause kernel memory corruption, potentially leading to system crashes or privilege escalation. This affects Linux systems using the BFQ scheduler with specific timing conditions during queue merging operations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation to root via kernel memory corruption.
Likely Case
System instability, crashes, or denial of service affecting I/O performance.
If Mitigated
Minimal impact with proper kernel hardening and container isolation.
🎯 Exploit Status
Requires local access and specific timing conditions during I/O operations with cgroup reparenting.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 5ee21edaed09, 8abc8763b11c, a16c65cca7d2, or c1cee4ab36ac
Vendor Advisory: https://git.kernel.org/stable/c/5ee21edaed09e6b25f2c007b3f326752bc89bacf
Restart Required: Yes
Instructions:
1. Update kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable BFQ scheduler
Switch to a different I/O scheduler like CFQ or deadline
echo cfq > /sys/block/[device]/queue/scheduler
Disable cgroup I/O controller
Prevent cgroup reparenting that triggers the vulnerability
mount -t cgroup -o none,name=cgroup /sys/fs/cgroup
🧯 If You Can't Patch
- Restrict local user access to systems using BFQ scheduler
- Implement strict container isolation to prevent cgroup manipulation
🔍 How to Verify
Check if Vulnerable:
Check if BFQ scheduler is active (the active scheduler is the entry shown in square brackets): cat /sys/block/[device]/queue/scheduler | grep -F '[bfq]'
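A stricter form of this check across all block devices, as an added example (not from the advisory or the kernel project): the scheduler file lists every scheduler the kernel offers and marks the active one in square brackets, so the script reports only devices where bfq is the bracketed entry, together with the other schedulers listed for that device. The function names and the optional sysfs-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report block devices whose ACTIVE I/O scheduler is bfq.
# Function names and the optional root argument are assumptions of this example.

# Print the active (bracketed) scheduler from one line of queue/scheduler.
# Constructed sample: "mq-deadline kyber [bfq] none" -> "bfq"
active_scheduler() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)].*/\1/p'
}

# Print the schedulers listed on the line other than bfq, space separated.
# These are the names the device accepts if the scheduler is switched.
other_schedulers() {
    printf '%s\n' "$1" | sed 's/[][]//g' | tr -s ' ' '\n' \
        | grep -v -x 'bfq' | paste -s -d ' ' -
}

# For every device under $1 (default /sys/block) with bfq active, print
# "<device> alternatives: <other schedulers>".
bfq_devices() {
    root=${1:-/sys/block}
    for f in "$root"/*/queue/scheduler; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        line=$(cat "$f")
        [ "$(active_scheduler "$line")" = "bfq" ] || continue
        dev=${f#"$root"/}                # strip the root prefix
        dev=${dev%%/*}                   # keep only the device name
        printf '%s alternatives: %s\n' "$dev" "$(other_schedulers "$line")"
    done
}

bfq_devices "$@"
```

No output means no device currently has bfq selected, even if bfq appears in the list of available schedulers.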
Check Version:
uname -r
Verify Fix Applied:
Check kernel version includes fix commits or is newer than patched versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of use-after-free in __bfq_deactivate_entity
Network Indicators:
- None - local vulnerability only
SIEM Query:
kernel:panic OR kernel:BUG: KASAN: use-after-free in __bfq_deactivate_entity