CVE-2022-49813
📋 TL;DR
This CVE describes a resource leak vulnerability in the Linux kernel's Elastic Network Adapter (ENA) driver. When pci_register_driver() fails during initialization, the driver doesn't properly clean up a workqueue it created, leading to a kernel memory leak. Systems using the ENA driver for AWS Elastic Network Adapters are affected.
💻 Affected Systems
- Linux kernel with ENA driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service on affected systems.
Likely Case
Memory leak gradually consumes kernel resources, potentially leading to performance degradation or system instability over time.
If Mitigated
With proper patching, the vulnerability is eliminated; without patching, impact depends on frequency of driver initialization failures.
🎯 Exploit Status
Exploitation requires triggering specific driver initialization failure conditions, making it difficult to weaponize reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with fixes from referenced commits (0e2369223b174d198ec42a3ec0a7f06c8727b968 and related)
Vendor Advisory: https://git.kernel.org/stable/c/0e2369223b174d198ec42a3ec0a7f06c8727b968
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ENA driver
linuxPrevent loading of vulnerable ENA driver module
echo 'blacklist ena' >> /etc/modprobe.d/blacklist-ena.conf
rmmod ena
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases
- Implement system restart schedules to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if ENA driver is loaded: lsmod | grep ena. If loaded, check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Check dmesg for ENA driver initialization errors.📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
- ENA driver initialization errors
Network Indicators:
- Network interface failures on ENA devices
SIEM Query:
source="kernel" AND ("out of memory" OR "ENA" OR "workqueue" AND "leak")