CVE-2022-49753
📋 TL;DR
A double increment bug in the Linux kernel's DMA engine causes incorrect client counting for DMA channels, leading to resource management issues. This can result in kernel warnings, potential memory corruption, and system instability when DMA modules are loaded/unloaded repeatedly. Systems running affected Linux kernel versions with DMA functionality are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to refcount underflow and memory corruption, potentially leading to denial of service or privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel warnings in logs, and potential denial of service when DMA modules are loaded/unloaded, particularly affecting systems using async_tx or similar DMA operations.
If Mitigated
Minor performance impact or kernel warnings during module operations, but no system compromise if proper kernel hardening is in place.
🎯 Exploit Status
Exploitation requires local access and module loading privileges; primarily a reliability issue rather than direct security bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 142d644fd2cc059ffa042fbfb68e766433ef3afd, 18dd3b30d4c7e8440c63118c7a7b687372b9567f, 1b409e14b4b7af034e0450f95c165b6c5c87dbc1, 42ecd72f02cd657b00b559621e7ef7d2c4d3e5f1, 71c601965532c38030133535f7cd93c1efa75af1
Vendor Advisory: https://git.kernel.org/stable/c/142d644fd2cc059ffa042fbfb68e766433ef3afd
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Restrict module loading
Prevent loading/unloading of DMA-related modules to avoid triggering the bug
echo 1 > /proc/sys/kernel/modules_disabled
chmod 600 /lib/modules/$(uname -r)/modules.dep
Disable async_tx module
Blacklist or prevent loading of the async_tx module which triggers the issue
echo 'blacklist async_tx' > /etc/modprobe.d/async_tx.conf
depmod -a
🧯 If You Can't Patch
- Restrict module loading permissions to trusted users only
- Monitor system logs for refcount underflow warnings and investigate any DMA module operations
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether DMA channels show incorrect counts: cat /sys/class/dma/dma0chan*/in_use
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and test module load/unload of async_tx without warnings
📡 Detection & Monitoring
Log Indicators:
- refcount_t: underflow; use-after-free warnings in kernel logs
- dma_chan_put or dmaengine_put error messages
- async_tx module load/unload patterns
Network Indicators:
- None - local kernel issue
SIEM Query:
source="kernel" AND ("refcount_t: underflow" OR "dma_chan_put" OR "async_tx")
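The SIEM query above matches any line containing one of its three strings, so a routine async_tx load message or an unrelated refcount warning also fires. As an added example (not from this advisory or the kernel project), the shell function below reports a hit only when the refcount warning is followed by dma_chan_put or dmaengine_put inside the same trace; the function names, the 40-line window and the embedded log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: correlate the "refcount_t: underflow" warning with DMA engine
# symbols in the call trace that follows it. Reads kernel log text on stdin.
# $1 (assumption): number of lines after the warning to search, default 40.
scan_dma_refcount() {
    awk -v window="${1:-40}" '
        # Arm the search when the warning line from the Log Indicators appears.
        /refcount_t: underflow; use-after-free/ { armed = window; warn = $0; next }
        # The end-of-trace marker closes the current warning.
        /---\[ end trace/ { armed = 0; next }
        armed > 0 {
            armed--
            if ($0 ~ /dma_chan_put|dmaengine_put/) {
                print "HIT: " warn " -> " $0
                armed = 0      # one hit per warning is enough
            }
        }
    '
}

# Constructed sample log (not captured from a real system). It holds an
# async_tx load message, an unrelated refcount warning whose trace uses the
# placeholder symbol example_unrelated_put, and a DMA-related warning.
sample_log() {
cat <<'EOF'
[  101.000001] async_tx: api initialized (async)
[  140.200000] ------------[ cut here ]------------
[  140.200010] refcount_t: underflow; use-after-free.
[  140.200020] WARNING: CPU: 0 PID: 901 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
[  140.200030] Call Trace:
[  140.200040]  example_unrelated_put+0x1c/0x30
[  140.200050] ---[ end trace 0000000000000000 ]---
[  188.500000] ------------[ cut here ]------------
[  188.500010] refcount_t: underflow; use-after-free.
[  188.500020] WARNING: CPU: 1 PID: 1422 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
[  188.500030] Call Trace:
[  188.500040]  dma_chan_put+0x2c/0x80
[  188.500050]  dmaengine_put+0x5a/0xa0
[  188.500060] ---[ end trace 0000000000000000 ]---
EOF
}

# Only the second warning is reported.
sample_log | scan_dma_refcount
```

On a live host, feed it the kernel log instead of the sample, for example `journalctl -k | scan_dma_refcount` or `dmesg | scan_dma_refcount`.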
🔗 References
- https://git.kernel.org/stable/c/142d644fd2cc059ffa042fbfb68e766433ef3afd
- https://git.kernel.org/stable/c/18dd3b30d4c7e8440c63118c7a7b687372b9567f
- https://git.kernel.org/stable/c/1b409e14b4b7af034e0450f95c165b6c5c87dbc1
- https://git.kernel.org/stable/c/42ecd72f02cd657b00b559621e7ef7d2c4d3e5f1
- https://git.kernel.org/stable/c/71c601965532c38030133535f7cd93c1efa75af1
- https://git.kernel.org/stable/c/c6221afe573413fd2981e291f7df4a58283e0654
- https://git.kernel.org/stable/c/f3dc1b3b4750851a94212dba249703dd0e50bb20