CVE-2022-49914
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's Btrfs filesystem. When backref walking fails at resolve_indirect_refs(), the kernel fails to properly free inode lists attached to ulist nodes, causing kernel memory exhaustion over time. This affects all Linux systems using Btrfs filesystems.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Gradual memory leak leading to performance degradation and eventual system instability requiring reboot.
If Mitigated
Minimal impact with proper monitoring and memory limits in place.
🎯 Exploit Status
Requires local access and ability to trigger specific Btrfs operations that cause backref walking errors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 2c0329406bb28109c07c6e23e5e3e0fa618a95d7, 396515db923ad5cbeb179d6b88927870b4cbebb7, 5614dc3a47e3310fbc77ea3b67eaadd1c6417bf1, 6ba3479f9e96b9ad460c7e77abc26dd16e5dec4f, a52e24c7fcc3c5ce3588a14e3663c00868d36623
Vendor Advisory: https://git.kernel.org/stable/c/2c0329406bb28109c07c6e23e5e3e0fa618a95d7
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid Btrfs usage
linuxUse alternative filesystems like ext4 or xfs for critical systems
Limit Btrfs operations
linuxRestrict user access to Btrfs filesystem operations that could trigger backref walking
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if Btrfs is in use: 'uname -r' and 'cat /proc/filesystems | grep btrfs'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched: 'uname -r' should show version containing the fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Out of memory errors in kernel logs
- System performance degradation logs
SIEM Query:
source="kernel" AND ("out of memory" OR "kernel panic" OR "slab error")🔗 References
- https://git.kernel.org/stable/c/2c0329406bb28109c07c6e23e5e3e0fa618a95d7
- https://git.kernel.org/stable/c/396515db923ad5cbeb179d6b88927870b4cbebb7
- https://git.kernel.org/stable/c/5614dc3a47e3310fbc77ea3b67eaadd1c6417bf1
- https://git.kernel.org/stable/c/6ba3479f9e96b9ad460c7e77abc26dd16e5dec4f
- https://git.kernel.org/stable/c/a52e24c7fcc3c5ce3588a14e3663c00868d36623
- https://git.kernel.org/stable/c/b1dc9019bb5f89abae85645de1a2dd4830c1f8e9
- https://git.kernel.org/stable/c/cded2c89774b99b67c98147ae103ea878c92a206
