CVE-2022-49890

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's capabilities subsystem could allow local attackers to cause denial of service through resource exhaustion. The vulnerability occurs when vfs_getxattr_alloc() fails to properly free allocated memory in error conditions. This affects all Linux systems using the affected kernel versions.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: All Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: All Linux systems using affected kernel versions are vulnerable regardless of configuration. The vulnerability is in core kernel functionality.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attackers could exhaust kernel memory, leading to system instability, crashes, or denial of service affecting all users on the system.

🟠 Likely Case: Local users could cause gradual memory exhaustion, potentially degrading system performance over time or causing specific services to fail.

🟢 If Mitigated: With proper memory limits and monitoring, impact is limited to potential performance degradation rather than complete system failure.

🌐 Internet-Facing: LOW - This is a local vulnerability that requires local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to cause denial of service on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of triggering the specific error path. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits:
  • 0c3e6288da650d1ec911a259c77bc2d88e498603
  • 2de8eec8afb75792440b8900a01d52b8f6742fd1
  • 6bb00eb21c0fbf18e5d3538c9ff0cf63fd0ace85
  • 7480aeff0093d8c54377553ec6b31110bea37b4d
  • 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee

Vendor Advisory: https://git.kernel.org/stable/c/0c3e6288da650d1ec911a259c77bc2d88e498603

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Memory limit enforcement

Implement strict memory limits for user processes to limit the impact of memory exhaustion attacks:

ulimit -v [LIMIT]
systemctl set-property user.slice MemoryMax=[LIMIT]

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor system memory usage and set up alerts for abnormal memory consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's security advisory for patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to a version containing the fix commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Abnormal memory usage patterns in system logs
  • Process crashes related to memory allocation

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer" OR "memory allocation failure")
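
The log indicators and SIEM query above, applied to kernel log lines, as an added example that is not part of the original advisory. The log lines and `/proc/meminfo` snapshots are constructed samples, and using growth of the `SUnreclaim` field as the signal for a kernel-side leak, along with the growth threshold, is an assumption of this example rather than something the advisory states.

```python
import re

# Phrases from the page's SIEM query, matched case-insensitively.
OOM_RE = re.compile(r"out of memory|oom-killer|memory allocation failure", re.I)
# Victim line printed by the kernel OOM killer.
VICTIM_RE = re.compile(r"Killed process (\d+) \(([^)]+)\)")
SUNRECLAIM_RE = re.compile(r"^SUnreclaim:\s+(\d+) kB", re.M)

# Constructed sample input, not taken from a real system.
SAMPLE_LOG = [
    "Jan 10 03:12:01 host kernel: sshd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0",
    "Jan 10 03:12:01 host kernel: Out of memory: Killed process 4242 (worker) total-vm:1048576kB, anon-rss:524288kB",
    "Jan 10 03:12:05 host kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode",
]
SAMPLE_MEMINFO = [
    f"MemTotal:  8000000 kB\nSlab:  {s + 180000} kB\nSUnreclaim:  {s} kB\n"
    for s in (120000, 180000, 260000)
]

def scan_kernel_log(lines):
    """Return (matching lines, [(pid, comm)] of processes the OOM killer ended)."""
    hits, victims = [], []
    for line in lines:
        if OOM_RE.search(line):
            hits.append(line)
            m = VICTIM_RE.search(line)
            if m:
                victims.append((int(m.group(1)), m.group(2)))
    return hits, victims

def sunreclaim_kb(meminfo_text):
    """Extract unreclaimable slab memory (kB) from one /proc/meminfo snapshot."""
    m = SUNRECLAIM_RE.search(meminfo_text)
    if m is None:
        raise ValueError("SUnreclaim field not found")
    return int(m.group(1))

def steady_growth(samples_kb, min_growth_kb):
    """True when the series never shrinks and grows by at least min_growth_kb."""
    if len(samples_kb) < 3:
        return False  # too few points to call it a trend
    rising = all(b >= a for a, b in zip(samples_kb, samples_kb[1:]))
    return rising and samples_kb[-1] - samples_kb[0] >= min_growth_kb

if __name__ == "__main__":
    hits, victims = scan_kernel_log(SAMPLE_LOG)
    series = [sunreclaim_kb(t) for t in SAMPLE_MEMINFO]
    print(len(hits), victims, series, steady_growth(series, 100000))
```

On a live host the same functions can be fed the output of `journalctl -k` and periodic reads of `/proc/meminfo`.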
