CVE-2022-49729

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem, specifically in the nfcmrvl driver's deferred transmission handling. The vulnerability allows attackers to cause denial of service through resource exhaustion by repeatedly triggering the vulnerable code path. Systems using Marvell NFC chips with the affected driver are at risk.

💻 Affected Systems

Products:
  • Linux kernel with nfcmrvl NFC driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Marvell NFC hardware using the nfcmrvl driver. Most servers and desktops without NFC hardware are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or kernel panic due to memory exhaustion, potentially requiring physical reboot and causing extended service disruption.
🟠 Likely Case: Degraded system performance, application failures, or service interruptions due to memory pressure from the leak.
🟢 If Mitigated: Minimal impact with proper memory limits and monitoring in place, though some performance degradation may still occur.

🌐 Internet-Facing: LOW - NFC typically requires physical proximity or local access, not internet exposure.
🏢 Internal Only: MEDIUM - Requires local access or NFC proximity, but could be exploited by malicious insiders or compromised internal devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires ability to interact with NFC subsystem, which typically needs local access or physical proximity.

Exploitation requires triggering the deferred transmission handling in the nfcmrvl driver, which may require specific NFC operations or malformed packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases containing commits: 0eeec1a8b0cd38c47edeb042980a6aeacecf35ed, 1eb0afecfb9cd0f38424b82bd9aaa542310934ee, 3e7c7df6991ac349f2fa8540047757df666e610f, 3eadc560c1919b8193d17334145dad9a917960e4, 6616872cfe7f0474a22dd1f12699f95bcf81a54d

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable NFC subsystem

Remove or blacklist the nfcmrvl driver if NFC functionality is not required

echo 'blacklist nfcmrvl' >> /etc/modprobe.d/blacklist-nfcmrvl.conf
rmmod nfcmrvl

Disable USB autosuspend for NFC devices

Prevent USB power management from interfering with NFC operations

for f in /sys/bus/usb/devices/*/power/autosuspend_delay_ms; do echo -1 > "$f"; done

🧯 If You Can't Patch

  • Disable NFC functionality entirely if not needed
  • Implement strict memory limits and monitoring to detect memory exhaustion early

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the nfcmrvl module is loaded:

lsmod | grep nfcmrvl && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version is after the fix commits, and test that NFC functionality remains stable under load.
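
An added example (not part of the original advisory): a shell triage of the module check above that reads module and modprobe.d state from files, so it works on saved evidence as well as a live host. The function names and verdict strings are hypothetical; like the page's grep, it also matches bus-specific modules named nfcmrvl_*.

```shell
#!/bin/sh
# Added example: exposure triage for the nfcmrvl driver (hypothetical helper names).
# Inputs are file paths so the same logic runs on collected evidence or a live host.

# module_loaded FILE NAME -> exit 0 if NAME or NAME_* appears as a module name.
# FILE uses /proc/modules format: the first field of each line is the module name.
module_loaded() {
    awk -v m="$2" '$1 == m || index($1, m "_") == 1 { found = 1 }
                   END { exit !found }' "$1"
}

# module_blacklisted DIR NAME -> exit 0 if any *.conf in DIR contains an
# uncommented "blacklist NAME" directive.
module_blacklisted() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue   # glob did not match anything
        if grep -Eq "^[[:space:]]*blacklist[[:space:]]+$2([[:space:]]|\$)" "$conf"; then
            return 0
        fi
    done
    return 1
}

# nfcmrvl_exposure MODULES_FILE MODPROBE_DIR -> prints one verdict word.
nfcmrvl_exposure() {
    if module_loaded "$1" nfcmrvl; then
        echo "LOADED"        # driver is active: patch the kernel or unload it
    elif module_blacklisted "$2" nfcmrvl; then
        echo "BLACKLISTED"   # not loaded, and the page's blacklist line is present
    else
        echo "NOT_LOADED"    # not loaded now, but nothing stops a later load
    fi
}

# Live usage on a real host:
#   nfcmrvl_exposure /proc/modules /etc/modprobe.d
```

A `blacklist` directive only stops alias-based automatic loading; an explicit `modprobe` can still load the module, so treat BLACKLISTED as a reduced-exposure state rather than a fix.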

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Memory allocation failures in dmesg
  • NFC subsystem errors

Network Indicators:

  • Unusual NFC communication patterns
  • Repeated NFC connection attempts

SIEM Query:

source="kernel" AND ("oom" OR "out of memory" OR "nfcmrvl")
