CVE-2022-49811

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's DRBD (Distributed Replicated Block Device) subsystem. The flaw occurs in drbd_create_device() where drbd_destroy_connection() frees a connection object that could still be accessed, potentially leading to kernel crashes or arbitrary code execution. Systems using DRBD for storage replication are affected.

💻 Affected Systems

Products:
  • Linux kernel with DRBD module
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if DRBD module is loaded and configured. Many distributions don't enable DRBD by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution allowing full system compromise.

🟠

Likely Case

Kernel crash causing system instability, denial of service, or data corruption in DRBD-managed storage.

🟢

If Mitigated

Limited impact if DRBD is not configured or used, or if the system has kernel hardening protections like KASLR and SMEP/SMAP.

🌐 Internet-Facing: LOW - DRBD is typically used in internal storage clusters, not directly internet-facing services.
🏢 Internal Only: MEDIUM - Affects internal systems using DRBD for storage replication, potentially impacting critical infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires kernel-level exploitation and DRBD configuration access

Exploitation requires local access or ability to trigger DRBD operations. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/7d93417d596402ddd46bd76c721f205d09d0d025

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. For custom kernels, apply commits: 7d93417d596402ddd46bd76c721f205d09d0d025, 813a8dd9c45fd46f5cbbfbedf0791afa7740ccf5, 9ed51414aef6e59e832e2960f10766dce2d5b1a1, a7a1598189228b5007369a9622ccdf587be0730f, bf47ca1b35fc1f55091ffaff5fbe41ea0c6f59a1.
3. Reboot system.

🔧 Temporary Workarounds

Disable DRBD module

linux

Unload DRBD kernel module if not required

sudo modprobe -r drbd
echo 'blacklist drbd' | sudo tee /etc/modprobe.d/blacklist-drbd.conf

🧯 If You Can't Patch

  • Ensure DRBD module is not loaded if not required
  • Restrict access to systems using DRBD to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if DRBD module is loaded: lsmod | grep drbd. Check kernel version against distribution advisories.
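The module check above and the blacklist workaround can be combined into one state report. This is an added example, not part of the original advisory; the function names and the four state labels are assumptions made here. It separates a `blacklist` line, which only stops alias-based autoloading, from an `install` override, which also intercepts an explicit `modprobe drbd`.

```shell
#!/bin/sh
# Added example: report how far the "disable DRBD" workaround is in effect.
# Function names and state labels are illustrative, not from the advisory.

# Succeeds if a /proc/modules-format file lists drbd as a loaded module.
drbd_loaded() {
    awk '$1 == "drbd" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if any *.conf file in directory $2 carries a directive of kind $1
# ("blacklist" or "install") for the drbd module.
drbd_directive() {
    cat "$2"/*.conf 2>/dev/null |
        awk -v kind="$1" '$1 == kind && $2 == "drbd" { found = 1 } END { exit !found }'
}

# Prints one of: loaded, install-override, blacklisted, loadable.
# Arguments default to the live system; pass other paths to check offline copies.
drbd_workaround_state() {
    modules=${1:-/proc/modules}
    confdir=${2:-/etc/modprobe.d}
    if drbd_loaded "$modules"; then
        echo loaded             # module is in the running kernel
    elif drbd_directive install "$confdir"; then
        echo install-override   # modprobe runs the configured command instead
    elif drbd_directive blacklist "$confdir"; then
        echo blacklisted        # autoload by alias is off; explicit modprobe still loads
    else
        echo loadable           # nothing prevents the module from being loaded
    fi
}
```

Run `drbd_workaround_state` with no arguments on the host; an `install-override` result still needs the configured command inspected to confirm it refuses the load.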

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and DRBD module version matches fixed releases.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • DRBD-related crash logs
  • System instability after DRBD operations

Network Indicators:

  • Unusual DRBD synchronization failures

SIEM Query:

source="kernel" AND ("oops" OR "BUG" OR "general protection fault") AND "drbd"
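A kernel crash report spans many log lines, and the fault marker and the `drbd` symbol are usually on different ones, so the query above misses the crash if the log source is ingested one line per event. The following added example (not from the original advisory; function names, the 20-line window and the sample log are assumptions constructed here) compares a per-line match with a windowed match using the same terms.

```shell
#!/bin/sh
# Added example: DRBD crash detection over kernel log text read from stdin.
# Function names, the default window and the sample log are constructed here.

MARKERS='[Oo]ops|BUG|general protection fault'   # terms from the page's query

# Per-line form of the query: a marker and "drbd" on the same line.
drbd_line_hits() {
    awk -v m="$MARKERS" '$0 ~ m && /drbd/ { n++ } END { print n + 0 }'
}

# Windowed form: a marker followed by "drbd" on the same line or within the
# next WIN lines (default 20), counted once per crash report.
drbd_window_hits() {
    awk -v m="$MARKERS" -v win="${1:-20}" '
        $0 ~ m              { left = win + 1 }   # open (or re-open) a window
        left > 0 && /drbd/  { n++; left = 0 }    # report once, then close it
        left > 0            { left-- }
        END                 { print n + 0 }'
}

# Constructed sample log (not captured from a real system).
sample_kernel_log() {
    cat <<'EOF'
[  100.000001] drbd r0: Starting worker thread
[  200.000001] general protection fault, probably for non-canonical address
[  200.000002] CPU: 1 PID: 4242 Comm: drbdsetup Not tainted
[  200.000003] RIP: 0010:drbd_create_device+0x10/0x20 [drbd]
[  300.000001] BUG: unable to handle page fault for address
[  300.000002] RIP: 0010:some_other_function+0x1/0x2
EOF
}
```

On the sample, `sample_kernel_log | drbd_line_hits` reports 0 and `sample_kernel_log | drbd_window_hits` reports 1; on a host, feed either function from `dmesg` or `/var/log/kern.log`.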
