CVE-2022-49775
📋 TL;DR
A double-free vulnerability in the Linux kernel's TCP CDG congestion control module allows local attackers to cause a kernel panic or potentially execute arbitrary code. This affects Linux systems using the CDG congestion control algorithm, particularly those with MPTCP enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.
Likely Case
Kernel panic causing denial of service and system instability.
If Mitigated
No impact if CDG congestion control is not used or if systems are patched.
🎯 Exploit Status
Requires local access and ability to manipulate TCP connections with CDG congestion control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions that include commit 0b19171439016a8e4c97eafe543670ac86e2b8fe or later
Vendor Advisory: https://git.kernel.org/stable/c/0b19171439016a8e4c97eafe543670ac86e2b8fe
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable CDG congestion control
Linux: Switch to alternative congestion control algorithm
sysctl -w net.ipv4.tcp_congestion_control=cubic
echo cubic > /proc/sys/net/ipv4/tcp_congestion_control
Disable MPTCP
Linux: Prevent MPTCP from triggering the vulnerable code path
sysctl -w net.mptcp.enabled=0
echo 0 > /proc/sys/net/mptcp/enabled
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor systems for kernel panics or unusual TCP connection behavior
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether CDG is the active congestion control algorithm: uname -r && sysctl net.ipv4.tcp_congestion_control
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and test TCP connections with CDG enabled
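The sysctl above shows only the system default. The script below is an added example, not part of the original advisory: it also reads the registered and unprivileged-allowed algorithm lists and the MPTCP switch. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify how reachable the CDG code path is on this host.
# cdg_exposure [SYSCTL_ROOT] prints "<cdg-status> <mptcp-status>".
# SYSCTL_ROOT defaults to /proc/sys/net; the argument is hypothetical and only
# lets the function be pointed at a copy of that tree.

has_word() {  # has_word WORD FILE: true if FILE holds WORD as a whole token
    [ -r "$2" ] || return 1
    for w in $(cat "$2"); do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

cdg_exposure() {
    root="${1:-/proc/sys/net}"
    ipv4="$root/ipv4"
    status="cdg-not-registered"
    # Registered: module loaded or built in, selectable by privileged processes.
    has_word cdg "$ipv4/tcp_available_congestion_control" && status="cdg-registered"
    # Allowed: unprivileged processes may pick it per socket via TCP_CONGESTION.
    has_word cdg "$ipv4/tcp_allowed_congestion_control" && status="cdg-allowed-unprivileged"
    # Default: every new TCP socket uses it.
    has_word cdg "$ipv4/tcp_congestion_control" && status="cdg-default"

    mptcp="mptcp-absent"
    if [ -r "$root/mptcp/enabled" ]; then
        if [ "$(cat "$root/mptcp/enabled")" = "1" ]; then
            mptcp="mptcp-enabled"
        else
            mptcp="mptcp-disabled"
        fi
    fi
    echo "$status $mptcp"
}

cdg_exposure
```

Run it again after applying a workaround: changing the default only affects the last check, while the registered and allowed lists decide whether a process can still opt into CDG per socket.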
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN double-free error messages in dmesg
- System crashes related to TCP/CDG
Network Indicators:
- Unusual TCP connection resets
- MPTCP connection failures
SIEM Query:
source="kernel" AND ("double-free" OR "KASAN" OR "tcp_cdg" OR "MPTCP")
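The query above ORs four terms, so any KASAN report or MPTCP message matches. The script below is an added example, not part of the original advisory: it counts only KASAN double-free reports whose body mentions tcp_cdg. The log lines are constructed for illustration, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: narrow the log indicator to "KASAN double-free report that
# references tcp_cdg". A KASAN report is bracketed by lines of '=' characters.

sample_log() {  # constructed kernel log excerpt, not captured from a real host
    cat <<'EOF'
[  101.000001] MPTCP: constructed noise line, unrelated to the bug
[  212.000001] ==================================================================
[  212.000002] BUG: KASAN: use-after-free in example_unrelated_fn+0x10/0x20
[  212.000003]  example_unrelated_fn+0x10/0x20
[  212.000004] ==================================================================
[  345.000001] ==================================================================
[  345.000002] BUG: KASAN: double-free in kfree+0xe2/0x580
[  345.000003]  kfree+0xe2/0x580
[  345.000004]  tcp_cdg_release+0x42/0x50
[  345.000005] ==================================================================
EOF
}

broad_query_hits() {  # line count for the page's OR query, for comparison
    grep -Ec 'double-free|KASAN|tcp_cdg|MPTCP'
}

cdg_kasan_hits() {  # kernel log on stdin -> number of matching reports
    awk '
        /BUG: KASAN: .*double-free/ { if (!in_report) cdg = 0; in_report = 1; next }
        in_report && /tcp_cdg/      { cdg = 1 }
        in_report && /==========/   { hits += cdg; in_report = 0 }
        END { if (in_report) hits += cdg; print hits + 0 }  # log cut off mid-report
    '
}

echo "broad query lines: $(sample_log | broad_query_hits)"
echo "CDG double-free reports: $(sample_log | cdg_kasan_hits)"
```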
🔗 References
- https://git.kernel.org/stable/c/0b19171439016a8e4c97eafe543670ac86e2b8fe
- https://git.kernel.org/stable/c/1b639be27cbf428a5ca01dcf8b5d654194c956f8
- https://git.kernel.org/stable/c/35309be06b6feded2ab2cafbc2bca8534c2fa41e
- https://git.kernel.org/stable/c/4026033907cc6186d86b48daa4a252c860db2536
- https://git.kernel.org/stable/c/72e560cb8c6f80fc2b4afc5d3634a32465e13a51
- https://git.kernel.org/stable/c/78be2ee0112409ae4e9ee9e326151e0559b3d239
- https://git.kernel.org/stable/c/9e481d87349d2282f400ee1d010a169c99f766b8
- https://git.kernel.org/stable/c/b49026d9c86f35a4c5bfb8d7345c9c4379828c6b