CVE-2022-49626

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's sfc driver that occurs when disabling SR-IOV (Single Root I/O Virtualization). The vulnerability allows reading freed memory, which could lead to kernel crashes or potential privilege escalation. Systems using affected Linux kernel versions with the sfc driver and SR-IOV enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with sfc driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when SR-IOV is enabled and then disabled on sfc network interfaces. Requires the sfc driver to be loaded and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential privilege escalation to kernel mode if an attacker can control the freed memory region before it's reused.

🟠 Likely Case: System instability, kernel crashes, or denial of service when disabling SR-IOV on affected network interfaces.

🟢 If Mitigated: Minor system instability that requires reboot to recover from kernel panic.

🌐 Internet-Facing: LOW - This requires local system access and specific driver configuration to trigger.
🏢 Internal Only: MEDIUM - Internal administrators or users with access to modify SR-IOV settings could trigger this vulnerability, potentially causing system downtime.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to modify SR-IOV settings. The vulnerability is triggered by specific administrative actions rather than remote code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits: 3199e34912d84cdfb8a93a984c5ae5c73fb13e84, 58d93e9d160c0de6d867c7eb4c2206671a351eb1, 9c854ae512b89229aeee93849e9bd4c115b37909, bcad880865bfb421885364b1f0c7351280fe2b97, c2240500817b3b4b996cdf2a461a3a5679f49b94

Vendor Advisory: https://git.kernel.org/stable/c/3199e34912d84cdfb8a93a984c5ae5c73fb13e84

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Avoid disabling SR-IOV (all platforms)

Do not disable SR-IOV on sfc network interfaces. Keep SR-IOV enabled or avoid enabling it in the first place.

Unload sfc driver (Linux)

Remove the vulnerable driver if not needed for system operation.

sudo rmmod sfc

🧯 If You Can't Patch

  • Restrict access to SR-IOV configuration files to prevent triggering the vulnerability
  • Monitor system logs for kernel panic or use-after-free errors related to sfc driver

🔍 How to Verify

Check if Vulnerable:

Check if sfc driver is loaded: 'lsmod | grep sfc'. Check kernel version against distribution's security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version. Test SR-IOV disable operation on sfc interface.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KFENCE use-after-free errors mentioning sfc driver
  • BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching

SIEM Query:

event_source="kernel" AND (message CONTAINS "KFENCE" OR message CONTAINS "use-after-free" OR message CONTAINS "sfc")
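
A narrower form of the log check above, plus a sysfs check for which sfc devices currently have VFs enabled, as an added example that is not part of the advisory. The sample log lines are constructed (timestamps and the `+0x82/0x170` offsets are made up), and the function names are hypothetical; the sysfs layout assumed is the standard `/sys/bus/pci/drivers/<driver>/<address>/sriov_numvfs`.

```shell
#!/bin/sh
# Added example for CVE-2022-49626 triage; not code from the advisory.

# Constructed sample kernel log (offsets and timestamps are made up).
SAMPLE_LOG='[  101.10] sfc 0000:01:00.0 eth2: link up at 10000Mbps full-duplex
[  245.70] BUG: KFENCE: use-after-free read in efx_ef10_sriov_free_vf_vswitching+0x82/0x170 [sfc]
[  300.20] BUG: KFENCE: use-after-free read in some_other_func+0x10/0x40'

# Read kernel log text on stdin and print only KFENCE use-after-free
# reports raised inside the sfc EF10 SR-IOV code. Unlike an OR over
# "KFENCE" / "sfc", routine driver messages and unrelated KFENCE
# reports do not match. Exit status is grep's (0 = at least one hit).
scan_sfc_uaf() {
    grep -E 'BUG: KFENCE: use-after-free (read|write) in efx_ef10_sriov_'
}

# Print the PCI addresses bound to the sfc driver that currently have
# VFs enabled, i.e. where a later SR-IOV disable runs the teardown path.
# $1 = driver directory (defaults to the live sysfs location).
sfc_devices_with_vfs() {
    sfc_drv="${1:-/sys/bus/pci/drivers/sfc}"
    for sfc_dev in "$sfc_drv"/*/; do
        # Skip entries that are not SR-IOV capable devices (e.g. "module").
        [ -r "${sfc_dev}sriov_numvfs" ] || continue
        sfc_n=$(cat "${sfc_dev}sriov_numvfs")
        [ "$sfc_n" -gt 0 ] 2>/dev/null && basename "$sfc_dev"
    done
    return 0
}

echo "Matching sample log lines:"
printf '%s\n' "$SAMPLE_LOG" | scan_sfc_uaf
echo "sfc devices with VFs enabled on this host:"
sfc_devices_with_vfs
```

On a live system, pipe `dmesg` or `journalctl -k` output into `scan_sfc_uaf` instead of the sample. KFENCE reports only appear on kernels built and booted with KFENCE enabled.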
