CVE-2022-49468 – This is a memory leak vulnerability in the Linu... (How to Fix)

Q: What is the severity of CVE-2022-49468?

CVE-2022-49468 has a CVSS score of 5.5 (MEDIUM). This is a memory leak vulnerability in the Linux kernel's thermal subsystem. When device registration fails in __thermal_cooling_device_register(), allocated memory isn't properly freed, causing kernel memory exhaustion over time. It affects Linux systems using thermal cooling devices.

📋 TL;DR

This is a memory leak vulnerability in the Linux kernel's thermal subsystem. When device registration fails in __thermal_cooling_device_register(), allocated memory isn't properly freed, causing kernel memory exhaustion over time. It affects Linux systems using thermal cooling devices.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE; likely affects versions before the fix commits listed in references.

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires thermal subsystem usage and specific device registration failure conditions; not all systems may be vulnerable in practice.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.

🟠

Likely Case

Gradual memory consumption leading to performance degradation and potential system instability over time, especially on systems with frequent thermal device registration failures.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place; system remains functional but may experience performance issues.

🌐 Internet-Facing: LOW - Requires local access or kernel-level compromise; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the condition, but requires specific thermal device registration failures.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH - Requires triggering specific thermal device registration failure conditions.

Exploitation requires local access and ability to trigger thermal device registration failures; not trivial to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 18530bedd221, 21ccc58b671a, 3802171f0b5b, 98a160e898c0, 9abdf0c01842

Vendor Advisory: https://git.kernel.org/stable/c/18530bedd221160823f63ccc20dd55c7a03edbcf

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable thermal cooling devices

linux

Prevent thermal cooling device registration by disabling thermal management features (not recommended for production systems).

echo 0 > /sys/class/thermal/thermal_zone0/mode
modprobe -r thermal_sys

🧯 If You Can't Patch

Implement kernel memory monitoring and alerting for unusual consumption patterns.
Restrict local user access and limit process capabilities to reduce attack surface.

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution security advisories; examine if thermal subsystem is active: lsmod | grep thermal

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits; check /proc/version or uname -r; confirm thermal subsystem functions normally.

📡 Detection & Monitoring

Log Indicators:

Kernel oom-killer messages
Memory allocation failures in dmesg
Thermal subsystem error messages

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("oom-killer" OR "memory allocation failure" OR "thermal_cooling_device")

📊 Metadata

CVE ID: CVE-2022-49468

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.04% exploit probability (10th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49468, you might also want to check these: