CVE-2022-49844

7.1 HIGH

📋 TL;DR

CVE-2022-49844 is an out-of-bounds read vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem. It allows attackers to cause a denial of service by causing CAN frames to be dropped on virtual CAN interfaces such as vcan and vxcan. Systems running Linux kernels with CAN networking enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing commit a6d190f8c767 up to the fix
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CAN networking is enabled and virtual CAN interfaces (vcan/vxcan) are used. Most desktop systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for CAN network communications, disrupting industrial control systems, automotive systems, or IoT devices relying on CAN interfaces.

🟠

Likely Case

Intermittent CAN frame drops leading to communication failures and system instability on affected virtual CAN interfaces.

🟢

If Mitigated

Minimal impact if systems don't use virtual CAN interfaces or have patched kernels.

🌐 Internet-Facing: LOW - CAN networks are typically isolated from internet-facing systems.
🏢 Internal Only: MEDIUM - Affects internal systems using CAN networking, particularly in industrial and automotive environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to interact with CAN interfaces. Exploitation leads to denial of service rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 386c49fe31ee and ae64438be192

Vendor Advisory: https://git.kernel.org/stable/c/386c49fe31ee748e053860b3bac7794a933ac9ac

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution.
2. For custom kernels, apply commits 386c49fe31ee and ae64438be192.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable virtual CAN interfaces

Remove or disable vcan and vxcan interfaces if they are not required (delete any existing interfaces first, since a driver module with live interfaces cannot be unloaded):

sudo ip link delete vcan0
sudo modprobe -r vcan
sudo modprobe -r vxcan

Disable CAN subsystem

Prevent loading of the CAN kernel modules (blacklisting the vxcan driver as well, since both virtual drivers are affected):

echo 'blacklist can' | sudo tee /etc/modprobe.d/blacklist-can.conf
echo 'blacklist vcan' | sudo tee -a /etc/modprobe.d/blacklist-can.conf
echo 'blacklist vxcan' | sudo tee -a /etc/modprobe.d/blacklist-can.conf

🧯 If You Can't Patch

  • Isolate systems using CAN interfaces from untrusted networks
  • Implement network segmentation to limit access to CAN-enabled systems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether CAN modules are loaded:

uname -r && lsmod | grep -E '^(can|vcan|vxcan)'

Check Version:

uname -r

Verify Fix Applied:

Confirm the running kernel is a patched version, then test that frames sent over a virtual CAN interface are delivered rather than dropped.
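The workaround and verification steps above can be scripted. The following is an added example, not part of the advisory: it parses lsmod-style output for CAN-subsystem modules and generates a modprobe.d fragment that blocks both alias autoload (blacklist) and explicit modprobe (install ... /bin/false), which a plain blacklist line alone does not prevent. The lsmod sample is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: inspect lsmod-style output for
# CAN-subsystem modules and generate a modprobe.d fragment that blocks both
# alias autoload (blacklist) and explicit `modprobe` (install ... /bin/false).

# Print the loaded modules in lsmod text ($1) that belong to the CAN subsystem:
# the core module `can`, its protocol modules (can_raw, can_bcm, ...) which keep
# `can` pinned, and the virtual drivers vcan and vxcan named in the advisory.
can_modules_loaded() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 ~ /^(can(_.*)?|vcan|vxcan)$/ { print $1 }'
}

# Exit 0 when any CAN module is loaded (system may be exposed), 1 otherwise.
can_exposed() {
    [ -n "$(can_modules_loaded "$1")" ]
}

# Emit modprobe.d content for the modules to block. `blacklist` only stops
# automatic loading via alias; `install <mod> /bin/false` makes modprobe fail too.
can_blacklist_conf() {
    for m in can vcan vxcan; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# Constructed sample lsmod output for the demo run below (not captured from a
# real host): vcan/vxcan loaded, plus an unrelated module whose name merely
# contains "can" and must not match.
SAMPLE_LSMOD='Module                  Size  Used by
vxcan                  16384  0
vcan                   16384  0
can_raw                24576  2
can                    28672  1 can_raw
scan_ctl               12288  0
ext4                  880640  1'

# Demo: report on the sample; on a live host replace "$SAMPLE_LSMOD" with "$(lsmod)".
if can_exposed "$SAMPLE_LSMOD"; then
    echo "CAN modules loaded: $(can_modules_loaded "$SAMPLE_LSMOD" | tr '\n' ' ')"
    echo "Suggested /etc/modprobe.d/blacklist-can.conf:"
    can_blacklist_conf
else
    echo "No CAN modules loaded"
fi
```

Write the generated fragment to /etc/modprobe.d/ and rebuild the initramfs if the CAN modules are included there, otherwise they can still load at early boot.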

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing CAN errors or frame drops
  • System logs indicating CAN communication failures

Network Indicators:

  • Unusual CAN frame loss patterns
  • CAN communication timeouts

SIEM Query:

source="kernel" AND ("CAN" OR "vcan" OR "vxcan") AND ("error" OR "drop" OR "failure")
