CVE-2022-49799
📋 TL;DR
A double-free vulnerability in the Linux kernel's tracing subsystem allows local attackers to cause a kernel panic or potentially execute arbitrary code with kernel privileges. This affects Linux systems with kernel tracing enabled, primarily impacting servers and workstations where users have local access.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or potential remote code execution if combined with other vulnerabilities.
Likely Case
Kernel panic leading to denial of service (system crash) when a user with local access triggers the bug through synthetic event creation.
If Mitigated
Limited impact if kernel tracing is disabled or access controls restrict local user privileges.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel tracing APIs. The bug was discovered through code review and fuzzing, not active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c, 315b149f08229a233d47532eb5da1707b28f764c, 6517b97134f724d12f673f9fb4f456d75c7a905f, a5bfa53e5036b3e7a80be902dd3719a930accabd
Vendor Advisory: https://git.kernel.org/stable/c/1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution security advisories for backported patches.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable kernel tracing
Prevents exploitation by disabling the vulnerable tracing subsystem
echo 0 > /sys/kernel/debug/tracing/tracing_on
mount -o remount,noexec /sys/kernel/debug/tracing
Restrict tracefs access
Limit access to tracefs to prevent unauthorized users from triggering the bug
chmod 700 /sys/kernel/debug/tracing
setfacl -m u:root:rwx /sys/kernel/debug/tracing
🧯 If You Can't Patch
- Implement strict access controls to prevent non-privileged users from accessing /sys/kernel/debug/tracing
- Monitor system logs for kernel panics or segmentation faults related to tracing subsystem
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with distribution security advisories. Vulnerable if using kernel before fixes were backported.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution package manager: rpm -q kernel or dpkg -l linux-image*
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'general protection fault' or 'wild-memory-access'
- Segmentation faults in kernel logs related to tracing
- Failed modprobe attempts for tracing modules
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("general protection fault" OR "wild-memory-access" OR "register_synth_event")
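The SIEM query above ORs its terms, so it fires on any general protection fault and on any log line that mentions register_synth_event. As an added example (not part of the original advisory), this shell function raises an alert only when a crash header is followed by a register_synth_event frame inside the same oops; the function names, the 40-line window and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: correlate a crash header with a
# register_synth_event stack frame in the same oops instead of OR-ing them.

scan_synth_event_crashes() {
    # $1 = max lines after the crash header to search (default 40).
    # Kernel log is read from stdin; one ALERT line is printed per match.
    awk -v win="${1:-40}" '
        /general protection fault/ { head = $0; left = win; next }  # new oops
        /wild-memory-access/       { if (left == 0) head = $0; left = win; next }
        /end trace/                { left = 0; next }               # oops ended
        left > 0 {
            left--
            if ($0 ~ /register_synth_event/) {
                print "ALERT synthetic-event crash: " head
                left = 0                                            # one alert per oops
            }
        }'
}

# Constructed sample log (not captured from a real system):
#   1) an unrelated fault that must NOT alert,
#   2) a fault whose trace contains register_synth_event (must alert),
#   3) a harmless mention of the symbol outside any crash (must NOT alert).
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] general protection fault: 0000 [#1] SMP
[  101.000002] Call Trace:
[  101.000003]  example_driver_ioctl+0x40/0x90
[  101.000004] ---[ end trace 0000000000000000 ]---
[  245.000001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] SMP KASAN
[  245.000002] KASAN: maybe wild-memory-access in range [0x...]
[  245.000003] Call Trace:
[  245.000004]  register_synth_event+0x1a0/0x2f0
[  245.000005] ---[ end trace 0000000000000000 ]---
[  300.000001] selftest: register_synth_event ok
EOF
}

# Demo on the sample; on a live host pipe `dmesg` or `journalctl -k` in instead.
sample_kernel_log | scan_synth_event_crashes
```
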