CVE-2022-49648
📋 TL;DR
This is a memory leak vulnerability in the Linux kernel's tracing/histograms subsystem. When specific trigger commands fail during memory allocation, kernel memory isn't properly freed, leading to gradual memory exhaustion. This affects Linux systems with kernel tracing enabled.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.
Likely Case
Gradual memory leak over time when specific tracing trigger commands are used, potentially leading to performance degradation or system instability.
If Mitigated
Minimal impact if kernel tracing is disabled or the vulnerable code path isn't triggered.
🎯 Exploit Status
Exploitation requires ability to write specific trigger commands to the tracing subsystem. This typically requires elevated privileges or specific system configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 22eeff55679d9e7c0f768c79bfbd83e2f8142d89, 4d453eb5e1eec89971aa5b3262857ee26cfdffd3, 78a1400c42ee11197eb1f0f85ba51df9a4fdfff0, 7edc3945bdce9c39198a10d6129377a5c53559c2, eb622d5580b9e2ff694f62da6410618bd73853cb
Vendor Advisory: https://git.kernel.org/stable/c/22eeff55679d9e7c0f768c79bfbd83e2f8142d89
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable kernel tracing
linuxPrevent access to the vulnerable tracing subsystem
echo 0 > /proc/sys/kernel/ftrace_enabled
mount -o remount,nodebug /sys/kernel/debug
Restrict debugfs access
linuxLimit access to tracing debug interface
chmod 700 /sys/kernel/debug/tracing
chown root:root /sys/kernel/debug/tracing
🧯 If You Can't Patch
- Disable kernel tracing functionality completely
- Implement strict access controls on /sys/kernel/debug/tracing directory
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it's between the vulnerable commit and fix commits. Use: uname -r and check kernel source or distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches or exceeds fixed versions. Check that the specific git commits are included in your kernel build.📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings
- Process crashes due to memory allocation failures
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
Search for: 'Out of memory' OR 'kernel: Out of memory' OR 'oom-killer' in system logs🔗 References
- https://git.kernel.org/stable/c/22eeff55679d9e7c0f768c79bfbd83e2f8142d89
- https://git.kernel.org/stable/c/4d453eb5e1eec89971aa5b3262857ee26cfdffd3
- https://git.kernel.org/stable/c/78a1400c42ee11197eb1f0f85ba51df9a4fdfff0
- https://git.kernel.org/stable/c/7edc3945bdce9c39198a10d6129377a5c53559c2
- https://git.kernel.org/stable/c/eb622d5580b9e2ff694f62da6410618bd73853cb
- https://git.kernel.org/stable/c/ecc6dec12c33aa92c086cd702af9f544ddaf3c75
