CVE-2022-49549

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's x86 Machine Check Exception (MCE) subsystem for AMD processors. When threshold_create_bank() fails during device creation, the previously allocated threshold banks array is not properly freed, leading to kernel memory exhaustion over time. This affects Linux systems running on AMD processors with the MCE subsystem enabled.
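The error path described above, as an added user-space C model (not kernel code and not taken from the fix commits). Every name except threshold_create_bank is hypothetical, and the `published` pointer, which cleanup consults but which is set only after every bank has been created, is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model only. live_allocs counts allocations not yet freed. */
static int live_allocs;
static void *xcalloc(size_t n, size_t sz) { void *p = calloc(n, sz); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct bank { int id; };
static struct bank **published;   /* hypothetical: banks array visible to cleanup */

/* Model of threshold_create_bank(): fails at index fail_at (-1 = never fails). */
static int threshold_create_bank(struct bank **bp, int i, int fail_at)
{
    if (i == fail_at) return -1;
    bp[i] = xcalloc(1, sizeof(**bp));
    return bp[i] ? 0 : -1;
}

/* Unwind helper: frees every created bank, then the array itself. */
static void remove_banks(struct bank **bp, int n)
{
    if (!bp) return;              /* nothing published, nothing freed */
    for (int i = 0; i < n; i++) xfree(bp[i]);
    xfree(bp);
}

/* fixed == 0: cleanup uses `published` (still NULL on failure), so bp leaks. */
static int create_device(int n, int fail_at, int fixed)
{
    struct bank **bp = xcalloc(n, sizeof(*bp));
    if (!bp) return -1;
    for (int i = 0; i < n; i++) {
        if (threshold_create_bank(bp, i, fail_at)) {
            remove_banks(fixed ? bp : published, n);
            return -1;
        }
    }
    published = bp;               /* only reached when every bank was created */
    return 0;
}

/* Returns the allocations left behind by one failed create_device() call. */
static int leaked_after_failure(int fixed)
{
    live_allocs = 0; published = NULL;
    create_device(4, 2, fixed);   /* third bank fails */
    return live_allocs;
}
int main(void)
{
    printf("leaky: %d live, fixed: %d live\n", leaked_after_failure(0), leaked_after_failure(1));
    return 0;
}
```

In the leaky variant each failed call strands the array and the banks created before the failure; passing the local array to the unwind helper leaves nothing behind.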

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE; typically affects kernel versions before the fix commits listed in references
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD processors with Machine Check Exception subsystem enabled; vulnerability triggers during specific error conditions in threshold bank creation.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, kernel panics, or denial of service through resource depletion.

🟠 Likely Case

Gradual memory leak leading to performance degradation and potential system crashes over extended periods, particularly on systems with frequent MCE device operations.

🟢 If Mitigated

Minimal impact with proper monitoring and patching; memory leak would be detected and addressed before causing system instability.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the condition, but exploitation requires specific conditions and privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific failure conditions in kernel memory allocation; primarily a reliability issue rather than a security bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 396b8e7ab2a99ddac57d3522b3da5e58cb608d37, 9708f1956eeb70c86943e0bc62fa3b0101b59616, b4acb8e7f1594607bc9017ef0aacb40b24a003d6, cc0dd4456f9573bf8af9b4d8754433918e809e1e, e5f28623ceb103e13fc3d7bd45edf9818b227fd0

Vendor Advisory: https://git.kernel.org/stable/c/396b8e7ab2a99ddac57d3522b3da5e58cb608d37

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable MCE thresholding

linux

Disable Machine Check Exception thresholding feature if not required

echo 0 > /sys/devices/system/machinecheck/machinecheck0/check_interval

🧯 If You Can't Patch

  • Implement kernel memory monitoring to detect abnormal memory consumption patterns
  • Restrict local user access to systems where patching is not immediately possible

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from kernel git commits; examine if system uses AMD processors with MCE enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits; monitor /proc/meminfo and kernel logs for memory leak indicators

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Memory allocation failures in kernel logs
  • System instability or crashes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer" OR "memory allocation failure")
