CVE-2022-49413

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler allows an attacker to cause kernel memory corruption when processes migrate between cgroups. This can lead to system crashes, privilege escalation, or arbitrary code execution. All Linux systems using the BFQ scheduler are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with BFQ scheduler support before the fix commits
Operating Systems: Linux distributions using BFQ scheduler (Ubuntu, Fedora, Debian, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the BFQ I/O scheduler. Many distributions use it by default or as an option.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, privilege escalation to root, or arbitrary code execution in kernel context leading to complete system compromise.

🟠

Likely Case

System instability, crashes, or denial of service due to kernel memory corruption.

🟢

If Mitigated

Minimal impact if proper kernel hardening and container isolation are in place.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious processes could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to manipulate cgroup processes. Race condition exploitation adds complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel builds that include commit 2a1077f17169a6059992a0bbdb330e0abad1e6d9 (or a later build carrying the same fix)

Vendor Advisory: https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable BFQ scheduler (applies to: all)

Switch to a different I/O scheduler like CFQ or deadline

# On kernels that offer BFQ (blk-mq), the legacy 'cfq' name is not accepted; use mq-deadline
echo 'mq-deadline' > /sys/block/[device]/queue/scheduler

Restrict cgroup operations (applies to: all)

Limit cgroup manipulation to trusted users only

chmod 750 /sys/fs/cgroup
setfacl -m u:root:rwx /sys/fs/cgroup

🧯 If You Can't Patch

  • Implement strict access controls on cgroup filesystem
  • Use kernel hardening features like SELinux/AppArmor to restrict process capabilities

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the BFQ scheduler is the active one on a device (sda shown; repeat for each block device):

grep -q '\[bfq\]' /sys/block/sda/queue/scheduler && echo 'BFQ active'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commit: run uname -r and confirm with your distribution vendor that this build carries the fix.
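The check above looks at a single device, and the workaround above writes a scheduler name blindly. The following script, added here as an example and not part of the advisory, does both across every block device: it parses the sysfs scheduler file (the active scheduler is the name in square brackets, e.g. "[bfq] mq-deadline none"), lists the devices on which BFQ is active, and, when invoked with "fix", switches each of them to mq-deadline only if that scheduler is actually offered. The sysfs root can be overridden with SYSFS_ROOT (an assumption used here so the functions can be exercised against a fake tree); on a real system the switch needs root.

```shell
#!/bin/sh
# Added example: report and optionally switch block devices away from BFQ.
# Assumes the sysfs layout /sys/block/<dev>/queue/scheduler, where the active
# scheduler is the bracketed name, e.g. "[bfq] mq-deadline kyber none".

# active_scheduler STRING -> prints the bracketed (active) scheduler name
active_scheduler() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)\].*/\1/p'
}

# has_scheduler STRING NAME -> succeeds if NAME is offered in the list
has_scheduler() {
    for tok in $(printf '%s\n' "$1" | sed 's/[][]//g'); do
        [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# bfq_devices SYSFS_ROOT -> prints the names of devices whose active scheduler is bfq
bfq_devices() {
    root=${1:-/sys/block}
    for f in "$root"/*/queue/scheduler; do
        [ -r "$f" ] || continue          # no devices, or unreadable entry
        dev=${f#"$root"/}
        dev=${dev%%/*}
        if [ "$(active_scheduler "$(cat "$f")")" = "bfq" ]; then
            printf '%s\n' "$dev"
        fi
    done
}

# switch_scheduler SYSFS_ROOT DEV NAME -> writes NAME only if the kernel offers it
switch_scheduler() {
    f="$1/$2/queue/scheduler"
    has_scheduler "$(cat "$f")" "$3" || return 1
    printf '%s\n' "$3" > "$f"
}

# main [fix]: report BFQ devices; with "fix", move them to mq-deadline
main() {
    root=${SYSFS_ROOT:-/sys/block}   # SYSFS_ROOT is an assumed override for testing
    found=0
    for dev in $(bfq_devices "$root"); do
        found=1
        echo "BFQ active on $dev"
        if [ "${1:-}" = "fix" ]; then
            if switch_scheduler "$root" "$dev" mq-deadline; then
                echo "  switched $dev to mq-deadline"
            else
                echo "  mq-deadline not offered for $dev; see $root/$dev/queue/scheduler"
            fi
        fi
    done
    [ "$found" -eq 0 ] && echo "no block device uses BFQ"
    return 0
}

main "$@"
```

Run it without arguments to audit; run it as root with "fix" to apply the workaround. A scheduler change made this way does not survive a reboot, so the audit should be repeated after any kernel or udev change until the patched kernel is installed.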

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in dmesg
  • System crashes or panics
  • Unexpected process terminations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("Oops" OR "panic" OR "general protection fault")
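The log indicators above are generic kernel-fault strings. As an added example (not part of the advisory), the functions below apply them to kernel log text read from standard input: kernel_fault_lines keeps only the lines matching the advisory's indicators (plus the KASAN use-after-free report line, which is how a use-after-free shows up on a KASAN-enabled build), and bfq_fault_count goes one step further, counting only those fault reports whose header or call trace mentions a bfq_ symbol, which is what ties a crash to this scheduler. The sample log is constructed for the example; the trace addresses in it are not real.

```shell
#!/bin/sh
# Added example: filter kernel log text for the fault indicators named in the
# advisory and count the reports that involve the BFQ scheduler.

# kernel_fault_lines: stdin -> lines matching Oops / panic / GPF / KASAN UAF
kernel_fault_lines() {
    grep -E 'Oops|Kernel panic|general protection fault|BUG: KASAN: use-after-free'
}

# bfq_fault_count: stdin -> number of fault reports (header line through the
# "end trace" marker) in which a bfq_ symbol appears at least once
bfq_fault_count() {
    awk '
        /Oops|Kernel panic|general protection fault|BUG: KASAN: use-after-free/ { inreport = 1; hit = 0 }
        inreport && /bfq_/ && !hit { hit = 1; n++ }
        /---\[ end trace/ { inreport = 0 }
        END { print n + 0 }
    '
}

# Constructed sample log: one KASAN report in the BFQ path, one unrelated GPF.
SAMPLE_DMESG='[  123.456789] BUG: KASAN: use-after-free in bfq_bio_merge+0x1a/0x200
[  123.456790] Call Trace:
[  123.456791]  bfq_bio_merge+0x1a/0x200
[  123.456792]  blk_mq_submit_bio+0x2b/0x3c0
[  123.456793] ---[ end trace 0000000000000000 ]---
[  200.000001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  300.000002] general protection fault, probably for non-canonical address 0xdead000000000122
[  300.000003] Call Trace:
[  300.000004]  ext4_file_write_iter+0x12/0x34
[  300.000005] ---[ end trace 0000000000000001 ]---'

# Example run on the constructed log; on a live host pipe dmesg (or journalctl -k) in instead.
printf '%s\n' "$SAMPLE_DMESG" | kernel_fault_lines
printf 'BFQ-related fault reports: %s\n' "$(printf '%s\n' "$SAMPLE_DMESG" | bfq_fault_count)"
```

On a live host, `dmesg | bfq_fault_count` gives the figure to alert on; a non-zero count on an unpatched kernel with BFQ active is worth treating as a possible trigger of this bug rather than as random instability.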
