CVE-2022-49695
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's igb network driver when running in XDP mode allows memory corruption. This can lead to system crashes, privilege escalation, or arbitrary code execution. Systems using Intel Gigabit Ethernet adapters with XDP enabled are affected.
💻 Affected Systems
- Linux kernel with igb driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution allowing full system compromise.
Likely Case
System crash or kernel panic causing denial of service when the vulnerable code path is triggered during network operations.
If Mitigated
No impact if XDP is disabled or the system doesn't use affected Intel NICs.
🎯 Exploit Status
Exploitation requires XDP mode, specific network traffic patterns, and timing to trigger during device closure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2af944210dc23d43d8208dafac4df7be7e3c168b, 3f6a57ee8544ec3982f8a3cbcbf4aea7d47eb9ec, 68a0ed06dcd5d3ea732d011c0b83d66e4791f521, c12a2c9b1b460ed72e6b3c33aac1ef51b0329b66
Vendor Advisory: https://git.kernel.org/stable/c/2af944210dc23d43d8208dafac4df7be7e3c168b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable XDP on igb interfaces
LinuxDisable XDP (eXpress Data Path) on affected Intel Gigabit Ethernet interfaces to prevent triggering the vulnerability.
ip link set dev <interface> xdp off
🧯 If You Can't Patch
- Disable XDP on all igb network interfaces
- Avoid closing network devices while XDP traffic is flowing
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if igb driver is loaded with XDP enabled: 'uname -r' and 'ip link show | grep -A5 igb'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check dmesg for absence of igb-related use-after-free warnings📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning igb_clean_tx_ring
- Use-after-free warnings in dmesg related to igb driver
- Refcount warnings with igb in stack trace
Network Indicators:
- Sudden network interface drops on igb devices
- Increased system crashes during network operations
SIEM Query:
source="kernel" AND ("igb_clean_tx_ring" OR "use-after-free" AND "igb")