Login Sign Up

CVE-2022-49916

5.5 MEDIUM
Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's ROSE protocol implementation allows local attackers to cause a kernel panic (denial of service) by triggering the rose_send_frame() function with a null device pointer. This affects systems using the ROSE protocol or with ROSE networking enabled. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions between commit 3c53cd65dece47dd1f9d3a809f32e59d1d87b2b8 and fix commits (specific version ranges depend on distribution backports)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ROSE protocol is compiled into kernel (CONFIG_ROSE) and used. Most modern distributions don't enable ROSE by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting critical services.

🟠

Likely Case

Local denial of service through kernel panic, requiring system reboot to recover.

🟢

If Mitigated

Minimal impact if ROSE protocol is disabled or unused, as exploitation requires specific network configuration.

🌐 Internet-Facing: LOW - Requires local access or specific ROSE network exposure which is uncommon.
🏢 Internal Only: MEDIUM - Local attackers could crash systems, but requires ROSE protocol usage which is rare in modern deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Syzkaller reproducer exists, exploitation requires local access and ROSE socket manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 01b9c68c121847d05a4ccef68244dadf82bfa331, 3e2129c67daca21043a26575108f6286c85e71f6, 5b46adfbee1e429f33b10a88d6c00fa88f3d6c77, a601e5eded33bb88b8a42743db8fef3ad41dd97e, b13be5e852b03f376058027e462fad4230240891

Vendor Advisory: https://git.kernel.org/stable/c/01b9c68c121847d05a4ccef68244dadf82bfa331

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify ROSE module is not loaded if not needed.

🔧 Temporary Workarounds

Disable ROSE protocol

linux

Prevent loading of ROSE kernel module to eliminate attack surface

echo 'install rose /bin/false' >> /etc/modprobe.d/rose-blacklist.conf
rmmod rose 2>/dev/null || true

Restrict ROSE socket creation

linux

Use kernel capabilities to restrict ROSE socket creation to privileged users

sysctl -w net.rose.rose_socket_creation=0

🧯 If You Can't Patch

  • Disable ROSE protocol module completely if not required
  • Implement strict access controls to prevent unprivileged users from creating ROSE sockets

🔍 How to Verify

Check if Vulnerable:

Check if ROSE module is loaded: lsmod | grep rose. Check kernel version against distribution security advisories.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and ROSE module is not loaded or restricted.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning rose_send_frame
  • NULL pointer dereference in kernel logs with ROSE references

Network Indicators:

  • Unusual ROSE protocol traffic if normally unused

SIEM Query:

source="kernel" AND "NULL pointer dereference" AND "rose"

📊 Metadata

CVE ID: CVE-2022-49916
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 1, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49916, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)