CVE-2022-49865
📋 TL;DR
This CVE describes an information leak vulnerability in the Linux kernel's IPv6 address label implementation. When sending network messages containing struct ifaddrlmsg, an uninitialized memory byte (__ifal_reserved field) could be exposed to the network, potentially leaking sensitive kernel memory contents. This affects Linux systems with IPv6 enabled.
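The bug class described above, as an added userspace illustration (not kernel code and not from the original page): a message header is filled field by field in memory that still holds old data, and a poison-and-scan check counts the bytes the fill routine never wrote. The field layout follows struct ifaddrlmsg from the Linux UAPI header; the function names, the 0xA5 poison value and the sample field values are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layout follows struct ifaddrlmsg in <linux/if_addrlabel.h>. */
struct ifaddrlmsg_demo {
    uint8_t  ifal_family;
    uint8_t  __ifal_reserved;   /* the byte the advisory says stayed uninitialized */
    uint8_t  ifal_prefixlen;
    uint8_t  ifal_flags;
    uint32_t ifal_index;
    uint32_t ifal_seq;
};
#define POISON 0xA5             /* constructed stand-in for stale memory contents */

/* Hypothetical "before": every named field is set except the reserved byte. */
static void fill_unpatched(struct ifaddrlmsg_demo *m, uint8_t plen, uint32_t idx, uint32_t seq)
{
    m->ifal_family = 10;        /* AF_INET6 on Linux */
    m->ifal_prefixlen = plen;
    m->ifal_flags = 0;
    m->ifal_index = idx;
    m->ifal_seq = seq;
}

/* Hardened form: the reserved byte is written too, so nothing stale is left. */
static void fill_patched(struct ifaddrlmsg_demo *m, uint8_t plen, uint32_t idx, uint32_t seq)
{
    fill_unpatched(m, plen, idx, seq);
    m->__ifal_reserved = 0;
}

/* Poison the struct, fill it, then count bytes that still hold the poison. */
static size_t stale_bytes(int patched)
{
    struct ifaddrlmsg_demo m;
    const unsigned char *wire = (const unsigned char *)&m;  /* bytes a receiver reads */
    size_t i, n = 0;
    memset(&m, POISON, sizeof(m));
    (patched ? fill_patched : fill_unpatched)(&m, 64, 2, 1);
    for (i = 0; i < sizeof(m); i++)
        n += (wire[i] == POISON);
    return n;
}

int main(void)
{
    printf("unpatched: %zu stale, patched: %zu stale\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```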
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could exploit this to leak kernel memory contents, potentially revealing sensitive information like encryption keys, process memory, or other system data that could facilitate further attacks.
Likely Case
Limited information disclosure of 1 byte of uninitialized kernel memory per affected network message, which could be used to infer kernel state or aid in other attacks.
If Mitigated
With proper network segmentation and access controls, the impact is minimal as the leak requires network access to the affected interface.
🎯 Exploit Status
Exploitation requires local access or network access to trigger the vulnerable code path via netlink messages.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 0f85b7ae7c4b5d7b4bbf7ac653a733c181a8a2bf, 2acb2779b147decd300c117683d5a32ce61c75d6, 49e92ba5ecd7d72ba369dde2ccff738edd028a47, 568a47ff756f913e8b374c2af9d22cd2c772c744, or 58cd7fdc8c1e6c7873acc08f190069fed88d1c12
Vendor Advisory: https://git.kernel.org/stable/c/0f85b7ae7c4b5d7b4bbf7ac653a733c181a8a2bf
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable IPv6
Disable IPv6 functionality to prevent exploitation of this vulnerability
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
sysctl -w net.ipv6.conf.all.disable_ipv6=1
Restrict netlink access
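Use firewall rules to restrict access to netlink sockets. As written, these rules accept outbound packets from root-owned processes in the OUTPUT chain and drop every other locally generated packet, including all traffic from non-root users, so test them before applying them to a production host.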
iptables -A OUTPUT -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to affected systems
- Monitor for unusual netlink traffic patterns and memory access attempts
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and compare it with your distribution's security advisories. The system is vulnerable if it runs a kernel older than the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes one of the fix commits or check with distribution's security update verification tools.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing memory allocation errors or unusual netlink activity
- System logs showing IPv6 address label operations
Network Indicators:
- Unusual netlink traffic patterns
- Multiple requests to ip6addrlbl_get function
SIEM Query:
source="kernel" AND ("ip6addrlbl" OR "ifaddrlmsg" OR "KMSAN: kernel-network-infoleak")
🔗 References
- https://git.kernel.org/stable/c/0f85b7ae7c4b5d7b4bbf7ac653a733c181a8a2bf
- https://git.kernel.org/stable/c/2acb2779b147decd300c117683d5a32ce61c75d6
- https://git.kernel.org/stable/c/49e92ba5ecd7d72ba369dde2ccff738edd028a47
- https://git.kernel.org/stable/c/568a47ff756f913e8b374c2af9d22cd2c772c744
- https://git.kernel.org/stable/c/58cd7fdc8c1e6c7873acc08f190069fed88d1c12
- https://git.kernel.org/stable/c/6d26d0587abccb9835382a0b53faa7b9b1cd83e3
- https://git.kernel.org/stable/c/a033b86c7f7621fde31f0364af8986f43b44914f
- https://git.kernel.org/stable/c/c23fb2c82267638f9d206cb96bb93e1f93ad7828