CVE-2022-49789
📋 TL;DR
A double-free vulnerability in the Linux kernel's zfcp SCSI driver allows local attackers to cause memory corruption and potentially crash the system. This affects systems using IBM zSeries FCP storage adapters with the zfcp driver. The vulnerability occurs when a signed 32-bit integer is incorrectly used to cache a 64-bit request ID, leading to hash table corruption.
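A simplified model of the width mismatch described above, as an added example (not the zfcp driver's code). The table, `struct req`, `req_add`, `req_find_rm`, `stale_after_remove` and the request IDs are constructed for illustration. It shows that looking a request up through an `int` copy of its 64-bit ID misses the entry once the ID no longer fits in 31 bits, so the entry is still linked at the point where the caller would free it.

```c
#include <stdint.h>
#include <stdio.h>

#define BUCKETS 8
/* Constructed stand-in for a pending-request hash table; not the zfcp code. */
struct req { uint64_t id; struct req *next; };
static struct req *table[BUCKETS];

static void req_add(struct req *r)
{
    r->next = table[r->id % BUCKETS];
    table[r->id % BUCKETS] = r;
}

/* Unlink and return the request with this id, or NULL if no entry matches. */
static struct req *req_find_rm(uint64_t id)
{
    for (struct req **p = &table[id % BUCKETS]; *p; p = &(*p)->next)
        if ((*p)->id == id) {
            struct req *r = *p;
            *p = r->next;
            return r;
        }
    return NULL;
}

/* Error path: remove the request by a cached copy of its id, then report
 * whether it is still linked (1) at the point where the caller would free it. */
static int stale_after_remove(uint64_t id, int use_u64_cache)
{
    static struct req r;
    for (int i = 0; i < BUCKETS; i++)
        table[i] = NULL;
    r.id = id;
    req_add(&r);
    int narrow = (int)id;   /* buggy cache: wraps on gcc/clang, may be negative */
    uint64_t wide = id;     /* corrected cache: same width as the id */
    req_find_rm(use_u64_cache ? wide : (uint64_t)narrow); /* int sign-extends */
    return table[id % BUCKETS] == &r;
}

int main(void)
{
    uint64_t ids[] = { 5, 0x80000001ULL, 0x100000005ULL }; /* constructed ids */
    for (int i = 0; i < 3; i++)
        printf("id=%#llx int-cache stale=%d u64-cache stale=%d\n",
               (unsigned long long)ids[i],
               stale_after_remove(ids[i], 0), stale_after_remove(ids[i], 1));
    return 0;
}
```

Small IDs behave identically with both cache types, which is why a defect of this kind can go unnoticed until the request counter has grown large.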
💻 Affected Systems
- Linux kernel zfcp driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing local privilege escalation through memory corruption.
Likely Case
System crash or kernel panic during storage adapter operations, causing service disruption.
If Mitigated
Limited to denial of service on affected storage systems; proper access controls prevent remote exploitation.
🎯 Exploit Status
Requires local access and ability to trigger specific storage operations. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0954256e970ecf371b03a6c9af2cf91b9c4085ff, 11edbdee4399401f533adda9bffe94567aa08b96, 1bf8ed585501bb2dd0b5f67c824eab45adfbdccd, 90a49a6b015fa439cd62e45121390284c125a91f, d2c7d8f58e9cde8ac8d1f75e9d66c2a813ffe0ab
Vendor Advisory: https://git.kernel.org/stable/c/0954256e970ecf371b03a6c9af2cf91b9c4085ff
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable zfcp module
Remove or blacklist the zfcp kernel module if not required:
echo 'blacklist zfcp' >> /etc/modprobe.d/blacklist-zfcp.conf
rmmod zfcp
🧯 If You Can't Patch
- Restrict local user access to systems with zfcp storage
- Monitor for kernel panic logs related to zfcp or list_del corruption
🔍 How to Verify
Check if Vulnerable:
Check if zfcp module is loaded: lsmod | grep zfcp. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for absence of zfcp-related corruption errors.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'list_del corruption'
- zfcp error messages in dmesg
- Storage adapter failure logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("list_del corruption" OR ("zfcp" AND ("panic" OR "BUG")))
🔗 References
- https://git.kernel.org/stable/c/0954256e970ecf371b03a6c9af2cf91b9c4085ff
- https://git.kernel.org/stable/c/11edbdee4399401f533adda9bffe94567aa08b96
- https://git.kernel.org/stable/c/1bf8ed585501bb2dd0b5f67c824eab45adfbdccd
- https://git.kernel.org/stable/c/90a49a6b015fa439cd62e45121390284c125a91f
- https://git.kernel.org/stable/c/d2c7d8f58e9cde8ac8d1f75e9d66c2a813ffe0ab