CVE-2022-49906 – A memory leak vulnerability in the Linux kernel... (How to Fix)

Q: What is the severity of CVE-2022-49906?

CVE-2022-49906 has a CVSS score of 5.5 (MEDIUM). A memory leak vulnerability in the Linux kernel's ibmvnic driver allows attackers to cause gradual resource exhaustion by repeatedly triggering network interface resets. This affects Linux systems using IBM PowerVM virtual network interfaces. The vulnerability results in a 32-byte memory leak each time the last reset work item in a list is processed successfully.

📋 TL;DR

A memory leak vulnerability in the Linux kernel's ibmvnic driver allows attackers to cause gradual resource exhaustion by repeatedly triggering network interface resets. This affects Linux systems using IBM PowerVM virtual network interfaces. The vulnerability results in a 32-byte memory leak each time the last reset work item in a list is processed successfully.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific kernel versions with the vulnerable ibmvnic driver commit 4f408e1fa6e1 and before the fix commits

Operating Systems: Linux distributions running on IBM PowerVM systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using IBM PowerVM virtual network interfaces (ibmvnic driver). Standard x86 systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.

🟠

Likely Case

Gradual memory consumption over time leading to performance degradation and potential system instability requiring reboots.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place; may cause occasional performance issues.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger network interface resets; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Malicious local users or compromised services could trigger the vulnerability to degrade system performance.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger network interface resets, typically through privileged operations or specific network conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 535b78739ae75f257c894a05b1afa86ad9a3669e, c3543a287cfba9105dcc4bb41eb817f51266caaf, or d6dd2fe71153f0ff748bf188bd4af076fe09a0a6

Vendor Advisory: https://git.kernel.org/stable/c/535b78739ae75f257c894a05b1afa86ad9a3669e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify ibmvnic driver is using patched code.

🔧 Temporary Workarounds

Disable ibmvnic interface

linux

Temporarily disable the vulnerable network interface if not required

ip link set dev <interface_name> down

Use alternative network driver

linux

Switch to different network interface if available on IBM PowerVM

🧯 If You Can't Patch

Monitor kernel memory usage and system stability metrics for signs of memory exhaustion
Implement strict access controls to prevent unauthorized users from triggering network interface operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if ibmvnic driver is loaded: lsmod | grep ibmvnic && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and monitor for memory leaks during network interface resets

📡 Detection & Monitoring

Log Indicators:

Kernel oom-killer events
Increasing kernel memory usage without clear cause
System instability after network interface operations

Network Indicators:

Unusual network interface reset patterns

SIEM Query:

source="kernel" AND ("oom-killer" OR "memory exhaustion" OR "ibmvnic")

📊 Metadata

CVE ID: CVE-2022-49906

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (5.2th percentile)

Published: May 1, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49906, you might also want to check these: