CVE-2022-49698

7.8 HIGH

📋 TL;DR

This CVE addresses a race condition in the Linux kernel's netfilter subsystem: the nftables numgen module used prandom from preemptible contexts, which could trigger kernel BUG reports (the check_preemption_disabled warning) from nft_ng_random_eval. The vulnerability affects Linux systems using nftables with the numgen module, potentially leading to system instability or crashes. Kernel versions before the fix are vulnerable when nftables rules with random number generation are active.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when nftables with numgen module is configured and active. Systems not using nftables or without random number generation rules are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially disrupting network services and requiring system reboot.

🟠

Likely Case

System instability with kernel warnings or crashes when nftables rules with random number generation are processed under high load.

🟢

If Mitigated

Minor performance impact or no noticeable effect if the vulnerable code path isn't triggered.

🌐 Internet-Facing: MEDIUM - Systems with nftables rules processing internet traffic could experience service disruption.
🏢 Internal Only: LOW - Internal systems without nftables or without random number generation rules are unlikely to be affected.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific code path in nft_ng_random_eval. This is more likely to occur accidentally under certain network conditions than through deliberate attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b, 6ce71f83f798be7e1ca68707fec449fbecb38852, b1fd94e704571f98b21027340eecf821b2bdffba, d0906b0fffc9f19bc42708ca3e84e2089088386c

Vendor Advisory: https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable nftables numgen module (platform: all)

Remove or disable nftables rules that use random number generation:

nft list ruleset | grep -i random
nft delete rule <table> <chain> handle <handle>

🧯 If You Can't Patch

  • Disable nftables entirely if not required for system functionality
  • Monitor system logs for kernel warnings related to nft_ng_random_eval and investigate any occurrences

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's patched versions. Also check if nftables rules with random generation exist: nft list ruleset | grep -i random

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel is a patched version and that no kernel warnings mentioning nft_ng_random_eval appear in dmesg.

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings in dmesg or system logs containing 'nft_ng_random_eval' or 'check_preemption_disabled'

Network Indicators:

  • Unexpected network service disruptions when nftables rules are active

SIEM Query:

source="kernel" AND ("nft_ng_random_eval" OR "check_preemption_disabled")
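An added example (not part of the advisory) that applies both the "Check if Vulnerable" ruleset check and the log indicators above to constructed sample text; on a real host you would feed it the output of `nft list ruleset` and `dmesg` instead. It matches the `numgen random` expression itself rather than the page's broader `grep -i random`, which also matches comments; the sample ruleset, dmesg lines and the `assess` verdict strings are all constructed here.

```shell
#!/bin/sh
# Added example, not the advisory's own commands. Works offline on the
# constructed samples below; substitute real `nft list ruleset` / `dmesg` text.

# Constructed sample of `nft list ruleset` output: one rule uses the
# `numgen random` expression (evaluated by nft_ng_random_eval), one uses the
# counter-based `numgen inc` variant, one only has "random" in a comment.
SAMPLE_RULESET='table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
		tcp dport 80 numgen random mod 10 vmap { 0 : drop, 1-9 : accept }
		tcp dport 443 numgen inc mod 2 vmap { 0 : accept, 1 : drop }
		tcp dport 22 accept comment "random comment"
	}
}'

# Constructed sample dmesg lines modelled on the indicators the page lists.
SAMPLE_DMESG='[   12.345678] BUG: using smp_processor_id() in preemptible [00000000] code: nft/1234
[   12.345690] caller is nft_ng_random_eval+0x24/0x54 [nft_numgen]
[   13.000000] eth0: link becomes ready'

# Rules that reach the affected code path (tighter than `grep -i random`).
random_rules() { printf '%s\n' "$1" | grep 'numgen random' || true; }
count_random_rules() { random_rules "$1" | grep -c . || true; }

# Log lines matching the page's SIEM indicators.
warning_lines() { printf '%s\n' "$1" | grep -E 'nft_ng_random_eval|check_preemption_disabled' || true; }
count_warning_lines() { warning_lines "$1" | grep -c . || true; }

# Verdict: "not-exposed" when no rule uses numgen random; otherwise "exposed",
# with "warnings-seen" appended if the kernel has already reported the BUG.
assess() {
  rules=$(count_random_rules "$1")
  warns=$(count_warning_lines "$2")
  if [ "$rules" -eq 0 ]; then echo "not-exposed"; return; fi
  if [ "$warns" -gt 0 ]; then echo "exposed warnings-seen"; else echo "exposed"; fi
}

assess "$SAMPLE_RULESET" "$SAMPLE_DMESG"
```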
