CVE-2022-49554
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's zsmalloc memory allocator. It allows concurrent page migration to interfere with asynchronous zspage freeing, potentially leading to memory corruption or kernel crashes. Systems running affected Linux kernel versions with zsmalloc enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential privilege escalation if memory corruption can be controlled.
Likely Case
System instability, kernel crashes, or denial of service affecting system availability.
If Mitigated
Minimal impact if systems are patched or zsmalloc is disabled.
🎯 Exploit Status
Exploitation requires triggering specific race conditions in kernel memory management, which is complex and timing-dependent.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/2505a981114dcb715f8977b8433f7540854851d8
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor. 2. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable zsmalloc
linuxDisable zsmalloc memory allocator if not required
echo 'blacklist zsmalloc' > /etc/modprobe.d/disable-zsmalloc.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor system logs for kernel panics or oops messages
- Restrict local user access to minimize potential trigger sources
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if zsmalloc is enabled: 'cat /proc/config.gz | gunzip | grep CONFIG_ZSMALLOC' or check running kernel modulesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits, or check that zsmalloc is disabled📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes/panics
- Memory allocation errors in kernel logs
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("Oops" OR "panic" OR "BUG")🔗 References
- https://git.kernel.org/stable/c/2505a981114dcb715f8977b8433f7540854851d8
- https://git.kernel.org/stable/c/3674d8a8dadd03a447dd21069d4dacfc3399b63b
- https://git.kernel.org/stable/c/3ec459c8810e658401be428d3168eacfc380bdd0
- https://git.kernel.org/stable/c/645996efc2ae391246d595832aaa6f9d3cc338c7
- https://git.kernel.org/stable/c/8ba7b7c1dad1f6503c541778f31b33f7f62eb966
- https://git.kernel.org/stable/c/c5402fb5f71f1a725f1e55d9c6799c0c7bec308f
- https://git.kernel.org/stable/c/fae05b2314b147a78fbed1dc4c645d9a66313758
- https://git.kernel.org/stable/c/fc658c083904427abbf8f18280d517ee2668677c
