CVE-2022-49582
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's DSA (Distributed Switch Architecture) subsystem allows local attackers to cause a kernel panic (denial of service) when a VLAN-aware bridge is removed. This affects Linux systems using DSA switches with vlan_filtering_is_global=true configuration.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.
Likely Case
Local denial of service when network configuration changes trigger the bug, causing temporary system instability.
If Mitigated
Minimal impact with proper access controls preventing local users from modifying network bridge configurations.
🎯 Exploit Status
Requires local access and CAP_NET_ADMIN privileges to modify bridge configurations. Triggering requires specific network configuration changes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 1699b4d502eda3c7ea4070debad3ee570b5091b1 and 3240e12fe203a3a79b9814e83327106b770ed7b0
Vendor Advisory: https://git.kernel.org/stable/c/1699b4d502eda3c7ea4070debad3ee570b5091b1
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable VLAN filtering on DSA switches
linuxPrevent the vulnerable code path by disabling VLAN filtering on affected DSA switches
echo 0 > /sys/class/net/<dsa_interface>/bridge/vlan_filtering
Restrict CAP_NET_ADMIN capabilities
linuxLimit which users/processes can modify network bridge configurations
setcap -r /usr/sbin/bridge
setcap -r /usr/sbin/ip
🧯 If You Can't Patch
- Restrict local user access to systems with DSA switches
- Implement strict change control for network bridge configurations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if DSA switches with vlan_filtering_is_global=true are configured: 'uname -r' and 'ls /sys/class/net/*/dsa'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning dsa_port_reset_vlan_filtering
Network Indicators:
- Sudden loss of network connectivity on DSA switch ports
SIEM Query:
kernel: *NULL pointer dereference* AND *dsa_port* OR *VLAN filtering*