CVE-2022-49675
📋 TL;DR
This CVE describes a Linux kernel vulnerability where an incorrectly exported initialization function could cause kernel panic if accessed after system initialization. The issue affects Linux systems using the tickless nohz_full feature. Only systems with specific configurations are vulnerable.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot the system.
Likely Case
System instability or crash if a module attempts to use the freed function, though this requires specific conditions.
If Mitigated
No impact if the system doesn't use the affected tick_nohz_full feature or if modules don't attempt to access the function.
🎯 Exploit Status
Exploitation requires specific conditions: local access, ability to load modules, and the tick_nohz_full feature to be enabled. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/2390095113e98fc52fffe35c5206d30d9efe3f78
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution.
2. For custom kernels, apply the fix by removing EXPORT_SYMBOL_GPL from the tick_nohz_full_setup() function.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable tick_nohz_full feature
Prevent the vulnerable code path by disabling the tickless full feature
Add 'nohz_full=' to kernel boot parameters without CPU lists or set to empty
🧯 If You Can't Patch
- Disable module loading via kernel parameter 'modules_disabled=1' if not required
- Restrict local user access and monitor for suspicious module loading activity
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if tick_nohz_full is enabled: cat /proc/cmdline | grep nohz_full
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and check that tick_nohz_full_setup is not exported: grep tick_nohz_full_setup /proc/kallsyms
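The boot-parameter check above, combined with the conditions listed under Exploit Status, can be scripted as a triage helper. This is an added example, not part of the advisory or the kernel project; the function names and state labels are hypothetical, and it does not determine whether the running kernel carries the fix.

```shell
#!/bin/sh
# Triage helper for the conditions this page lists (added example).
# Inputs are passed as arguments so the logic can be checked offline.

# nohz_full_cpus CMDLINE
# Prints the CPU list given to nohz_full=, or nothing when the parameter
# is absent or empty. If it appears more than once, the last non-empty
# value is reported (a simplification made for this example).
nohz_full_cpus() (
    set -f                      # do not glob-expand command-line tokens
    cpus=""
    for tok in $1; do
        case "$tok" in
            nohz_full=?*) cpus="${tok#nohz_full=}" ;;
        esac
    done
    printf '%s' "$cpus"
)

# exposure_state CMDLINE MODULES_DISABLED
# MODULES_DISABLED is the content of /proc/sys/kernel/modules_disabled.
exposure_state() {
    cpus=$(nohz_full_cpus "$1")
    if [ -z "$cpus" ]; then
        echo "not-exposed: nohz_full is not active"
    elif [ "$2" = "1" ]; then
        echo "reduced: nohz_full=$cpus but module loading is disabled"
    else
        echo "review: nohz_full=$cpus and modules can be loaded; confirm the kernel is patched"
    fi
}

# On a live host (skipped when the files are not readable):
if [ -r /proc/cmdline ] && [ -r /proc/sys/kernel/modules_disabled ]; then
    exposure_state "$(cat /proc/cmdline)" "$(cat /proc/sys/kernel/modules_disabled)"
fi
```

A "review" result means both preconditions from this page are present, so the kernel version should be compared against your distribution's advisory.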
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages (kernel crashes) related to tick_nohz functions
- Module loading failures
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
Search for kernel panic or Oops messages in system logs with keywords: tick_nohz, panic, Oops