Login Sign Up

CVE-2022-49743

5.5 MEDIUM
Buffer Overflow

📋 TL;DR

This CVE addresses a memory corruption vulnerability in the Linux kernel's OverlayFS filesystem implementation. A buffer overflow could allow local attackers to crash the system or potentially execute arbitrary code. Only Linux systems using OverlayFS are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable OverlayFS code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if OverlayFS filesystem is mounted and in use. Many systems don't use OverlayFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No impact if OverlayFS is not in use or kernel hardening prevents exploitation.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel memory layout. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 012cdef22000f3104e4fa8224ad29fde509b8caf or later

Vendor Advisory: https://git.kernel.org/stable/c/012cdef22000f3104e4fa8224ad29fde509b8caf

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable OverlayFS

linux

Prevent use of OverlayFS filesystem if not required

# Check if OverlayFS is mounted: mount | grep overlay
# Unmount any overlay mounts: umount /path/to/overlay/mount

🧯 If You Can't Patch

  • Restrict local user access to systems using OverlayFS
  • Implement kernel hardening features like KASLR and stack canaries

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from your distribution. Also check if OverlayFS is in use: 'mount | grep overlay'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and system has been rebooted. Check that the vulnerable code commit is not present.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crash/panic logs
  • Unexpected process termination

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for kernel panic events or unexpected system reboots on Linux hosts

📊 Metadata

CVE ID: CVE-2022-49743
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.05% exploit probability (16th percentile)
Published: March 27, 2025
Last Updated: January 19, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON