CVE-2022-49661
📋 TL;DR
A memory leak vulnerability in the Linux kernel's gs_usb CAN bus driver allows attackers to cause denial of service through resource exhaustion. The vulnerability affects systems using specific USB CAN adapters with the gs_usb driver loaded. Attackers with local access can trigger the leak by repeatedly opening and closing CAN connections.
💻 Affected Systems
- Linux kernel with gs_usb driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or kernel panic due to memory exhaustion, potentially requiring physical reboot.
Likely Case
Degraded system performance, application crashes, or denial of service for CAN bus functionality.
If Mitigated
Minimal impact with proper memory limits and monitoring in place.
🎯 Exploit Status
Exploitation requires local access and ability to open/close CAN connections. No authentication bypass needed beyond local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases containing commits: 0e60230bc64355c80abe993d1719fdb318094e20, 2bda24ef95c0311ab93bda00db40486acf30bd0a, 339fa9f80d3b94177a7a459c6d115d3b56007d5a, 6f655b5e13fa4b27e915b6c209ac0da74fd75963, c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0
Vendor Advisory: https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Unload gs_usb driver
Prevent driver loading if USB CAN adapters are not needed
sudo rmmod gs_usb
echo 'blacklist gs_usb' | sudo tee /etc/modprobe.d/blacklist-gs_usb.conf
Restrict CAN device access
Limit which users can access CAN devices
sudo chmod 600 /dev/can*
sudo chown root:root /dev/can*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from accessing CAN devices
- Monitor system memory usage and implement alerts for unusual memory consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check if the gs_usb driver is loaded: lsmod | grep gs_usb
Check the kernel version: uname -r, and compare it with the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to patched version and test CAN functionality while monitoring memory usage.
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
- Repeated CAN device open/close operations
Network Indicators:
- Unusual CAN bus traffic patterns if monitoring available
SIEM Query:
source="kernel" AND ("oom" OR "out of memory" OR "gs_usb")
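The verification and detection steps above, combined into one small POSIX shell script. This is an added example, not part of the advisory and not code from the kernel project: it checks lsmod-style output for the gs_usb module, compares the running kernel against a patched version you supply (the advisory lists fix commits but no version number, so PATCHED_KERNEL_VERSION is a placeholder you must set from your distribution's advisory), and counts kernel-log lines that match the log indicators listed above. The sample lsmod and dmesg text is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: gs_usb exposure check and log-indicator scan for CVE-2022-49661.
# Not part of the advisory or the kernel project; sample data below is constructed.

# Constructed lsmod output (not from a real system).
SAMPLE_LSMOD='Module                  Size  Used by
gs_usb                 28672  0
can_dev                45056  1 gs_usb
can_raw                24576  0'

# Constructed kernel log lines (not from a real system).
SAMPLE_DMESG='[  120.001] usb 1-1: new full-speed USB device number 3 using xhci_hcd
[  120.200] gs_usb 1-1:1.0: Configuring for 1 interfaces
[  300.511] Out of memory: Killed process 1234 (canlogger)
[  301.000] kworker/0:1: page allocation failure: order:0'

# Placeholder: set to the first patched kernel version named in your
# distribution's advisory, e.g. PATCHED_KERNEL_VERSION=5.x.y ./check.sh
PATCHED_KERNEL_VERSION="${PATCHED_KERNEL_VERSION:-}"

# Exit 0 if lsmod-style text in $1 lists gs_usb as a loaded module.
gs_usb_loaded() {
    printf '%s\n' "$1" | grep -q '^gs_usb[[:space:]]'
}

# Exit 0 if kernel version $1 is >= version $2. Only the leading
# numeric X.Y.Z part is compared; suffixes such as -generic are ignored.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    awk -v a="$a" -v b="$b" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        lim = (n > m) ? n : m;
        for (i = 1; i <= lim; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0;
            if ((x[i] + 0) < (y[i] + 0)) exit 1;
        }
        exit 0 }'
}

# Print the number of log lines in $1 that match the advisory's indicators
# (oom-killer / out-of-memory messages, allocation failures, gs_usb messages).
count_indicators() {
    printf '%s\n' "$1" | grep -ci -e 'out of memory' -e 'oom' \
        -e 'allocation failure' -e 'gs_usb'
}

# Live report for the host this script runs on. Every probe is allowed to
# fail quietly (lsmod or dmesg may be missing or require root).
report_live() {
    mods=$(lsmod 2>/dev/null || true)
    if gs_usb_loaded "$mods"; then
        echo "gs_usb: loaded (exposure present until the kernel is patched)"
    else
        echo "gs_usb: not loaded"
    fi
    running=$(uname -r)
    if [ -n "$PATCHED_KERNEL_VERSION" ]; then
        if version_ge "$running" "$PATCHED_KERNEL_VERSION"; then
            echo "kernel $running: at or above $PATCHED_KERNEL_VERSION"
        else
            echo "kernel $running: below $PATCHED_KERNEL_VERSION, update required"
        fi
    else
        echo "kernel $running: PATCHED_KERNEL_VERSION not set, cannot compare"
    fi
    logs=$(dmesg 2>/dev/null || true)
    echo "indicator lines in dmesg: $(count_indicators "$logs" || true)"
}

report_live
```

Run it as root (or with a dmesg-capable user) on the affected host; the indicator count is a cue to inspect the log, not proof of exploitation, since out-of-memory messages have many unrelated causes.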
🔗 References
- https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20
- https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a
- https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a
- https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963
- https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0
- https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8
- https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b
- https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c