CVE-2022-49867

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's IOSM WWAN driver. When network devices are unregistered, the driver fails to properly free allocated memory, causing gradual memory exhaustion. This affects systems using the IOSM WWAN driver for cellular modem connectivity.

💻 Affected Systems

Products:
  • Linux kernel with IOSM WWAN driver enabled
Versions: Linux kernel versions with vulnerable IOSM driver code (specific versions not specified in CVE)
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if IOSM WWAN driver is loaded and used. This is typically for systems with Intel cellular modem hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained exploitation could lead to complete system memory exhaustion, causing kernel panics, system crashes, or denial of service on affected devices.

🟠 Likely Case

Gradual memory consumption over time leading to system instability, performance degradation, and potential service disruption requiring reboots.

🟢 If Mitigated

With proper patching, no impact beyond normal system operation.

🌐 Internet-Facing: LOW - This requires local access or kernel module loading privileges to trigger.
🏢 Internal Only: MEDIUM - Internal users with appropriate privileges could trigger the memory leak, potentially affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to trigger network device registration/unregistration in the IOSM driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 128514b51a5ba2c82f9e4a106f1c10423907618a or later

Vendor Advisory: https://git.kernel.org/stable/c/128514b51a5ba2c82f9e4a106f1c10423907618a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable IOSM WWAN driver

Prevent loading of the vulnerable driver module

echo 'blacklist iosm' >> /etc/modprobe.d/blacklist.conf
rmmod iosm

🧯 If You Can't Patch

  • Monitor system memory usage for abnormal consumption patterns
  • Implement regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check if IOSM driver is loaded: lsmod | grep iosm. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

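Verify kernel includes fix commit: in the kernel source tree the running kernel was built from, run git log --format=%H | grep '128514b51a5ba2c82f9e4a106f1c10423907618a' (git log --oneline abbreviates hashes, so grepping its output for the full hash never matches), or check kernel version against patched releases.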

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings in dmesg
  • High memory usage without corresponding process allocation

Network Indicators:

  • Unusual network device registration/unregistration patterns

SIEM Query:

source="kernel" AND ("Out of memory" OR "oom-killer" OR "memory allocation failure")
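
Added example (not part of the advisory or of the kernel project): a POSIX shell sketch of the memory monitoring suggested under "If You Can't Patch" and of the "high memory usage without corresponding process allocation" indicator. It assumes the leak surfaces as growth of unreclaimable slab (the SUnreclaim field of /proc/meminfo); the function names, the sampling scheme and the threshold are hypothetical choices for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumption: the leaked kernel memory
# shows up as steady growth of SUnreclaim in /proc/meminfo.

# Succeeds if lsmod-format text on stdin lists a module named exactly "iosm"
# (a plain "grep iosm" would also match unrelated names containing that string).
iosm_loaded() {
    awk '$1 == "iosm" { found = 1 } END { exit !found }'
}

# Print the kB value of field $1 from a /proc/meminfo-format file $2.
meminfo_kb() {
    awk -v field="$1:" '$1 == field { print $2; exit }' "${2:-/proc/meminfo}"
}

# Read "epoch_seconds kB" samples on stdin and print "<verdict> <growth_kB>".
# LEAK_SUSPECT means the value never dropped between samples and the total
# growth reached the threshold $1 (kB); reclaimable memory would dip at times.
trend_verdict() {
    awk -v thr="$1" '
        NR == 1 { first = $2; prev = $2; mono = 1; next }
        { if ($2 < prev) mono = 0; prev = $2 }
        END {
            if (NR < 2) { print "INSUFFICIENT 0"; exit }
            growth = prev - first
            verdict = (mono && growth >= thr) ? "LEAK_SUSPECT" : "OK"
            print verdict, growth
        }'
}

# Take $1 samples of SUnreclaim, $2 seconds apart, and judge them against $3 kB.
watch_sunreclaim() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "$(date +%s) $(meminfo_kb SUnreclaim)"
        i=$((i + 1))
        if [ "$i" -lt "$1" ]; then sleep "$2"; fi
    done | trend_verdict "$3"
}
```

On a live host this could be run as: lsmod | iosm_loaded && watch_sunreclaim 10 60 10240. A LEAK_SUSPECT verdict is a prompt to investigate, not proof that this particular driver is the cause.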
