CVE-2022-49636

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's VLAN implementation allows attackers to cause denial of service by exhausting kernel memory. The leak occurs when VLAN interfaces are created with specific egress QoS mappings, so only systems that use VLAN functionality on a vulnerable kernel version are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions between commits introducing and fixing the bug (check stable kernel versions)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when VLAN functionality is used with egress QoS mappings

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel memory exhaustion leading to system instability, crashes, or denial of service requiring reboot

🟠 Likely Case: Gradual memory consumption over time when VLAN interfaces are created with specific QoS mappings, potentially causing performance degradation

🟢 If Mitigated: Minimal impact if VLAN functionality is not used or systems are patched

🌐 Internet-Facing: LOW - Requires local access or ability to create VLAN interfaces
🏢 Internal Only: MEDIUM - Could be exploited by users with network configuration privileges

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires ability to create VLAN interfaces (typically root or CAP_NET_ADMIN)

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions with fixes from stable commits listed in references

Vendor Advisory: https://git.kernel.org/stable/c/4c43069bb1097dd6cc1cf0f7c43a36d1f7b3910b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor.
2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable VLAN QoS functionality (Linux)

Prevent creation of VLAN interfaces with egress QoS mappings

# Restrict VLAN interface creation or QoS usage via system policies

🧯 If You Can't Patch

  • Restrict VLAN interface creation to trusted users only
  • Monitor kernel memory usage and system logs for memory leak indicators

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if VLAN QoS functionality is enabled

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and test VLAN QoS creation
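
As an added example (not part of the original advisory), the helper below lists VLAN interfaces that currently carry an egress QoS map, which is the configuration the Notes above single out. It assumes input in the layout printed by iproute2's `ip -d link show type vlan`; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory VLAN interfaces that have an egress QoS map.
# Assumption: input follows the layout of `ip -d link show type vlan`.

# Reads `ip -d link show` text on stdin.
# Prints "<interface><TAB><egress map>" for each VLAN with a non-empty map.
vlan_egress_qos_ifaces() {
    awk '
        # Interface header line: "<index>: <name>@<parent>: <FLAGS> ..."
        /^[0-9]+: / {
            iface = $2
            sub(/:$/, "", iface)     # drop the trailing colon
            sub(/@.*/, "", iface)    # drop the "@parent" suffix
            next
        }
        # Detail line holding the map: "egress-qos-map { 1:2 4:5 }"
        /egress-qos-map [{]/ {
            map = $0
            sub(/.*egress-qos-map [{] */, "", map)   # strip up to the brace
            sub(/ *[}].*/, "", map)                  # strip from the closing brace
            if (map != "") print iface "\t" map
        }
    '
}

# Constructed sample text (not captured from a real host):
# eth0.100 has an egress map, eth0.200 has none.
sample_ip_output() {
cat <<'EOF'
4: eth0.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 100 <REORDER_HDR>
      egress-qos-map { 1:2 4:5 } addrgenmode eui64 numtxqueues 1 numrxqueues 1
5: eth0.200@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 200 <REORDER_HDR> addrgenmode eui64 numtxqueues 1 numrxqueues 1
EOF
}

# Number of interfaces in the sample that use egress QoS mappings.
count_sample_hits() {
    sample_ip_output | vlan_egress_qos_ifaces | wc -l | tr -d ' '
}

# On a live host:
#   ip -d link show type vlan | vlan_egress_qos_ifaces
```

An empty result means no existing VLAN interface uses egress QoS mappings; it does not show whether the running kernel carries the fix, so the version check still applies.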

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM messages
  • Memory allocation failures in kernel logs

Network Indicators:

  • Multiple VLAN interface creation attempts with QoS mappings

SIEM Query:

Search for 'vlan_newlink' or 'memory leak' in kernel logs
