CVE-2022-49803

5.5 MEDIUM

📋 TL;DR

This is a memory leak vulnerability in the Linux kernel's netdevsim driver where allocated memory for fa_cookie is not freed during device removal. It affects systems using the netdevsim driver, primarily developers and testers working with network device simulation. The vulnerability leads to gradual memory exhaustion over time.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with netdevsim driver before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems where netdevsim module is loaded and used. This is a testing/driver development module not typically present in production systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service.

🟠 Likely Case: Gradual memory consumption over time during netdevsim testing or development, potentially leading to performance degradation.

🟢 If Mitigated: Minimal impact as netdevsim is typically used in controlled testing environments, not production systems.

🌐 Internet-Facing: LOW - netdevsim is a testing driver not typically exposed to external networks.
🏢 Internal Only: LOW - netdevsim is used for development/testing, not in production environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires loading and using the netdevsim driver, which is typically only done in development/testing environments. No public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel commits 064bc7312bd09a48798418663090be0c776183db and 207edad5717e0a5709ce8467f0eff41c607835c9

Vendor Advisory: https://git.kernel.org/stable/c/064bc7312bd09a48798418663090be0c776183db

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify netdevsim module loads correctly if needed for testing.

🔧 Temporary Workarounds

Unload netdevsim module

linux

Remove the netdevsim kernel module to prevent the vulnerability from being triggered

sudo rmmod netdevsim

Blacklist netdevsim module

linux

Prevent netdevsim from loading automatically

echo 'blacklist netdevsim' | sudo tee /etc/modprobe.d/netdevsim-blacklist.conf
sudo update-initramfs -u

🧯 If You Can't Patch

  • Avoid loading or using the netdevsim kernel module
  • Monitor system memory usage for unusual consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the netdevsim module is loaded: lsmod | grep netdevsim. If it is loaded and the kernel version is before the fix commits, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and confirm the running kernel is a patched version that includes the fix commits. Also verify that the netdevsim module can be loaded and unloaded without memory leaks.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings in dmesg
  • kmemleak reports of unreferenced objects from netdevsim

Network Indicators:

  • None - this is a local kernel memory issue

SIEM Query:

Search for kernel logs containing 'oom-killer' or memory allocation failures when netdevsim is in use
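
A triage sketch for the log indicators above, added here as an example (not part of the original advisory or of the kernel project): it counts kmemleak reports whose backtrace has a frame tagged [netdevsim] and counts OOM lines in the same text. The sample log, its addresses and the symbol names in it are constructed; the function names are this example's own.

```shell
#!/bin/sh
# Constructed sample: dmesg-style OOM lines mixed with kmemleak-style reports.
# Addresses, PIDs and symbol names are made up for illustration.
SAMPLE_LOG='[ 101.000001] bash invoked oom-killer: gfp_mask=0xcc0, order=0, oom_score_adj=0
unreferenced object 0xffff888100000001 (size 8):
  comm "sh", pid 4242, jiffies 4294900000
  backtrace:
    [<00000000aaaaaaaa>] __kmalloc+0x4a/0x160
    [<00000000bbbbbbbb>] nsim_constructed_symbol+0x29/0x1d0 [netdevsim]
unreferenced object 0xffff888100000002 (size 64):
  comm "udevd", pid 77, jiffies 4294900100
  backtrace:
    [<00000000cccccccc>] kmem_cache_alloc+0x10/0x20
    [<00000000dddddddd>] other_constructed_symbol+0x5/0x50 [othermod]
[ 202.000002] Out of memory: Killed process 4242 (stress)'

# Count kmemleak reports (stdin) with at least one backtrace frame in module $1.
# A report starts at "unreferenced object" and ends at the next unindented line.
count_module_leaks() {
    awk -v tag="[$1]" '
        function finish() { if (in_report && hit) n++; hit = 0 }
        /^unreferenced object / { finish(); in_report = 1; next }
        /^[^ ]/                 { finish(); in_report = 0; next }
        in_report && index($0, tag) { hit = 1 }
        END { finish(); print n + 0 }'
}

# Count OOM-related kernel log lines on stdin (grep -c exits 1 on zero matches).
count_oom_lines() {
    grep -c -E 'invoked oom-killer|Out of memory: Killed process' || true
}

# One-line summary suitable for forwarding to a log pipeline.
triage() {
    leaks=$(printf '%s\n' "$1" | count_module_leaks netdevsim)
    ooms=$(printf '%s\n' "$1" | count_oom_lines)
    echo "netdevsim_leaks=$leaks oom_lines=$ooms"
}

triage "$SAMPLE_LOG"
```

On a host with kmemleak enabled, the same functions can be fed the text of /sys/kernel/debug/kmemleak and the kernel log instead of the sample.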
