CVE-2022-49505

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's NFC subsystem where the rfkill pointer is not properly nulled out after unregistration, allowing potential memory corruption. It affects Linux systems with NFC functionality enabled and can lead to kernel crashes or privilege escalation. The vulnerability requires local access or ability to trigger NFC operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions between commit 3e3b5dfcd16a and the fix commits (specific versions vary by distribution)
Operating Systems: All Linux distributions with vulnerable kernel versions and NFC support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NFC subsystem is enabled and compiled into the kernel (CONFIG_NFC). Many servers and embedded systems may not have NFC enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level execution, potentially leading to full system compromise or persistent backdoor installation.

🟠

Likely Case

Kernel panic or system crash causing denial of service, requiring reboot to restore functionality.

🟢

If Mitigated

Limited impact if NFC functionality is disabled or unused, with potential for system instability if triggered.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger NFC operations. The KASAN trace suggests it was found through fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel releases via commits: 1632be63862f, 1b0e81416a24, 2a1b5110c95e, 4a68938f43b7, 4f5d71930f41

Vendor Advisory: https://git.kernel.org/stable/c/1632be63862f183cd5cf1cc094e698e6ec005dfd

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor.
2. For custom kernels, apply the fix commit that NULLs out dev->rfkill in nfc_unregister_device().
3. Reboot the system to load the new kernel.
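The defect and the fix described in step 2 reduce to one pattern: a pointer to a freed object is left in the device structure, so a later code path that guards on "is the pointer set?" touches freed memory. The following C program is an added illustration written for this page, not kernel code: the `struct rfkill`, `struct nfc_dev`, `rfkill_*_mock` and `nfc_*_mock` names are stand-ins, and a tiny poisoning allocator takes the place of KASAN so the stale access is counted rather than being undefined behaviour.

```c
/* Added example (not kernel code): models the "dangling rfkill pointer after
 * unregister" defect and the fix of NULLing the pointer. A mock allocator
 * poisons freed slots so a use-after-free is reported instead of being
 * undefined behaviour. All names are illustrative stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Mock of struct rfkill with a liveness flag standing in for KASAN tracking. */
struct rfkill {
    bool alive;
    bool soft_blocked;
};

/* Mock of struct nfc_dev: only the field relevant here. */
struct nfc_dev {
    struct rfkill *rfkill;
};

static struct rfkill pool[4];
static int uaf_reports;   /* incremented whenever a freed rfkill is touched */

static struct rfkill *rfkill_alloc_mock(void)
{
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) {
        if (!pool[i].alive) {
            pool[i].alive = true;
            pool[i].soft_blocked = false;
            return &pool[i];
        }
    }
    return NULL;
}

static void rfkill_destroy_mock(struct rfkill *rk)
{
    rk->alive = false;            /* poison: the slot is now "freed" */
}

/* Stand-in for rfkill_set_sw_state(): the touch a later code path makes. */
static bool rfkill_set_sw_state_mock(struct rfkill *rk, bool blocked)
{
    if (!rk->alive) {
        uaf_reports++;            /* what KASAN would flag as use-after-free */
        return false;
    }
    rk->soft_blocked = blocked;
    return true;
}

/* Vulnerable shape: the pointer is left dangling after destroy. */
static void nfc_unregister_device_vulnerable(struct nfc_dev *dev)
{
    if (dev->rfkill)
        rfkill_destroy_mock(dev->rfkill);
}

/* Fixed shape: the pointer is NULLed so later guards skip the freed object. */
static void nfc_unregister_device_fixed(struct nfc_dev *dev)
{
    if (dev->rfkill) {
        rfkill_destroy_mock(dev->rfkill);
        dev->rfkill = NULL;
    }
}

/* A later path (think of nfc_dev_up) that guards on the pointer being set. */
static void nfc_dev_up_mock(struct nfc_dev *dev)
{
    if (dev->rfkill)
        rfkill_set_sw_state_mock(dev->rfkill, false);
}

/* Runs register -> unregister -> later use and returns the UAF count. */
int simulate(bool use_fix)
{
    struct nfc_dev dev = { .rfkill = rfkill_alloc_mock() };
    int before = uaf_reports;

    if (use_fix)
        nfc_unregister_device_fixed(&dev);
    else
        nfc_unregister_device_vulnerable(&dev);

    nfc_dev_up_mock(&dev);        /* the post-unregister touch */
    return uaf_reports - before;
}

int main(void)
{
    printf("vulnerable: %d use-after-free report(s)\n", simulate(false));
    printf("fixed:      %d use-after-free report(s)\n", simulate(true));
    return 0;
}
```

The point the model makes is that the `if (dev->rfkill)` guard in later paths is only meaningful when unregistration clears the pointer; destroying the object without clearing the pointer turns every such guard into a use of freed memory.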

🔧 Temporary Workarounds

Disable NFC functionality

Linux

Remove or disable NFC kernel module if not needed

modprobe -r nfc
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable NFC functionality at kernel compile time by setting CONFIG_NFC=n
  • Implement strict access controls to prevent unauthorized users from triggering NFC operations

🔍 How to Verify

Check if Vulnerable:

Check if NFC module is loaded: lsmod | grep nfc. Check kernel version against distribution advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched: uname -r. Check if fix commit is present in kernel source.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN use-after-free reports in dmesg
  • NFC-related crash logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("KASAN: use-after-free" OR ("nfc" AND ("panic" OR "Oops")))
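The same matching logic as the query above, applied to log lines offline, is shown in this added C example (not part of the advisory): `line_is_indicator()` flags a line that reports a KASAN use-after-free, or that mentions nfc together with a panic or an Oops, and `count_indicators()` runs it over a batch. The dmesg-style sample lines are constructed for illustration and are not real kernel output.

```c
/* Added example (not from the advisory): applies the advisory's log-indicator
 * logic to constructed dmesg-style lines. The sample lines are made up and
 * are not real kernel output. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 256

/* Lower-case copy so matching is case-insensitive ("NFC", "nfc", "Oops"). */
static void to_lower(const char *src, char *dst, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n && src[i]; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[i] = '\0';
}

/* Mirrors the SIEM query: a KASAN UAF report, or an nfc line that also
 * reports a panic or an Oops. */
bool line_is_indicator(const char *line)
{
    char buf[MAX_LINE];
    to_lower(line, buf, sizeof buf);

    if (strstr(buf, "kasan: use-after-free"))
        return true;
    if (strstr(buf, "nfc") && (strstr(buf, "panic") || strstr(buf, "oops")))
        return true;
    return false;
}

/* Counts indicator lines in an array of n lines. */
int count_indicators(const char *const *lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (line_is_indicator(lines[i]))
            hits++;
    return hits;
}

/* Constructed sample, not real kernel output; the address is made up. */
static const char *const sample[] = {
    "[  12.001] nfc: nfc_init: NFC Core ver 0.1",
    "[  40.217] BUG: KASAN: use-after-free in nfc_dev_up+0x1a0/0x240",
    "[  40.218] Read of size 8 at addr ffff888012345678 by task nfcctl/1234",
    "[  41.000] Oops: 0000 [#1] SMP KASAN PTI nfc_unregister_device",
    "[  41.500] Kernel panic - not syncing: Fatal exception in nfc_genl_dev_up",
    "[  60.000] usb 1-1: new full-speed USB device number 3 using xhci_hcd",
};

/* Convenience wrapper over the embedded sample. */
int count_sample_indicators(void)
{
    return count_indicators(sample, sizeof sample / sizeof sample[0]);
}

int main(void)
{
    size_t n = sizeof sample / sizeof sample[0];
    for (size_t i = 0; i < n; i++)
        printf("%s  %s\n", line_is_indicator(sample[i]) ? "HIT " : "    ",
               sample[i]);
    printf("%d indicator line(s)\n", count_sample_indicators());
    return 0;
}
```

Note that the ordinary NFC init line and the KASAN "Read of size" detail line are deliberately not counted: the first mentions nfc without any crash keyword, and the second carries no keyword at all, which is the same behaviour the grouped SIEM query produces.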
