CVE-2022-49546
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's kexec subsystem on x86_64 systems. When the kdump kernel is reloaded or unloaded, an ELF header buffer allocated via vmalloc() is not freed, causing gradual memory exhaustion. This affects systems that use kexec/kdump functionality for crash recovery or kernel updates.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could lead to complete system memory exhaustion, causing kernel panic, system crashes, or denial of service on critical systems.
Likely Case
Gradual memory depletion over time when kexec/kdump is used frequently, potentially causing performance degradation or application failures.
If Mitigated
Minimal impact if kexec/kdump is not used or if memory monitoring detects unusual consumption patterns.
🎯 Exploit Status
Exploitation requires local access and ability to execute kexec operations. Memory leak occurs gradually with repeated operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes: 115ee42a4c2f26ba2b4ace2668a3f004621f6833, 23cf39dccf7653650701a6f39b119e9116a27f1a, 8765a423a87d74ef24ea02b43b2728fe4039f248, b3e34a47f98974d0844444c5121aaff123004e57, f675e3a9189d84a9324ab45b0cb19906c2bc8fcb
Vendor Advisory: https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833
Restart Required: Yes
Instructions:
1. Check current kernel version.
2. Update to patched kernel version from your distribution's repositories.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable kexec/kdump
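Prevent exploitation by disabling kexec and kdump functionality
# Stop kdump first: once kexec_load_disabled is 1, a loaded image can no longer be unloaded
systemctl stop kdump.service
systemctl disable kdump.service
# 1 disables kexec_load (0 means enabled); it cannot be set back to 0 until reboot
echo 1 > /proc/sys/kernel/kexec_load_disabled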
Restrict kexec permissions
Limit which users can execute kexec operations
chmod 750 /usr/sbin/kexec
# Leave the binary without file capabilities; kexec_load(2) already requires CAP_SYS_BOOT
🧯 If You Can't Patch
- Disable kexec/kdump functionality if not required for operations
- Implement memory monitoring to detect unusual consumption patterns and alert on potential exploitation
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if kexec is enabled: cat /proc/sys/kernel/kexec_load_disabled (0 means enabled)
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version is updated to a patched version, then test kexec functionality while monitoring memory usage
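One way to do the memory monitoring mentioned above, as an added example that is not part of the original advisory or of the kernel sources: compare two /proc/vmallocinfo snapshots taken before and after a known number of kdump reloads, and report callers whose vmalloc area count grew by at least that number. The snapshots and symbol names are constructed, and the one-buffer-per-reload threshold is an assumption drawn from the description of the leak.

```python
import re
from collections import defaultdict

# /proc/vmallocinfo line layout: "<start>-<end> <bytes> <caller>+0x<off>/0x<len> ..."
_AREA = re.compile(r"^0x[0-9a-f]+-0x[0-9a-f]+\s+(\d+)\s+(\S+)", re.I)
_SYMBOL = re.compile(r"^([A-Za-z_][\w.]*)\+0x")

def vmalloc_by_caller(text):
    """Map caller symbol -> [area_count, total_bytes] for one snapshot."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = _AREA.match(line.strip())
        if not m:
            continue
        sym = _SYMBOL.match(m.group(2))
        caller = sym.group(1) if sym else "(no caller)"
        totals[caller][0] += 1
        totals[caller][1] += int(m.group(1))
    return dict(totals)

def leak_suspects(before, after, reloads):
    """Callers holding at least `reloads` more areas than before.
    Heuristic (assumption): one unfreed buffer per kdump reload/unload."""
    old, new = vmalloc_by_caller(before), vmalloc_by_caller(after)
    suspects = {}
    for caller, (count, size) in new.items():
        old_count, old_size = old.get(caller, (0, 0))
        if reloads > 0 and count - old_count >= reloads:
            suspects[caller] = (count - old_count, size - old_size)
    return suspects

# Constructed snapshots (symbol names are hypothetical). On a real system,
# read /proc/vmallocinfo as root before and after 3 kdump reloads.
BEFORE = """\
0xffffb0c1c0000000-0xffffb0c1c0005000   20480 example_elf_hdr_alloc+0x52/0x1d0 pages=4 vmalloc N0=4
0xffffb0c1c0008000-0xffffb0c1c000d000   20480 other_driver_init+0x1c/0x90 pages=4 vmalloc N0=4
0xffffb0c1c0010000-0xffffb0c1c0013000   12288 unpurged vm_area
"""
AFTER = BEFORE + """\
0xffffb0c1c0020000-0xffffb0c1c0025000   20480 example_elf_hdr_alloc+0x52/0x1d0 pages=4 vmalloc N0=4
0xffffb0c1c0028000-0xffffb0c1c002d000   20480 example_elf_hdr_alloc+0x52/0x1d0 pages=4 vmalloc N0=4
0xffffb0c1c0030000-0xffffb0c1c0035000   20480 example_elf_hdr_alloc+0x52/0x1d0 pages=4 vmalloc N0=4
"""

if __name__ == "__main__":
    for caller, (areas, nbytes) in leak_suspects(BEFORE, AFTER, 3).items():
        print(f"{caller}: +{areas} areas, +{nbytes} bytes still allocated")
```

On a patched kernel the same comparison should report no caller growing in step with the reload count.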
📡 Detection & Monitoring
Log Indicators:
- Repeated kexec operations in system logs
- Increasing memory usage without corresponding application growth
- Kernel oom-killer events
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("kexec" OR "kdump") AND event_count > threshold
🔗 References
- https://git.kernel.org/stable/c/115ee42a4c2f26ba2b4ace2668a3f004621f6833
- https://git.kernel.org/stable/c/23cf39dccf7653650701a6f39b119e9116a27f1a
- https://git.kernel.org/stable/c/8765a423a87d74ef24ea02b43b2728fe4039f248
- https://git.kernel.org/stable/c/b3e34a47f98974d0844444c5121aaff123004e57
- https://git.kernel.org/stable/c/f675e3a9189d84a9324ab45b0cb19906c2bc8fcb
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html