CVE-2022-49919
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's netfilter nf_tables subsystem. Attackers with local access can potentially exploit race conditions to cause kernel memory corruption, leading to denial of service or privilege escalation. Systems running vulnerable Linux kernel versions with nf_tables enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or privilege escalation allowing attackers to gain root access and fully compromise the system.
Likely Case
Denial of service through kernel crash or instability, potentially requiring system reboot to recover.
If Mitigated
Minimal impact if proper access controls prevent local attackers from accessing the vulnerable interface.
🎯 Exploit Status
Exploitation requires local access and involves race conditions, making reliable exploitation more challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 26b5934ff4194e13196bedcba373cd4915071d0e, 4ab6f96444e936f5e4a936d5c0bc948144bcded3, 6044791b7be707fd0e709f26e961a446424e5051, 74fd5839467054cd9c4d050614d3ee8788386171, b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e
Vendor Advisory: https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable nf_tables module
Remove or blacklist the nf_tables kernel module to prevent access to the vulnerable code path
echo 'blacklist nf_tables' >> /etc/modprobe.d/blacklist-nftables.conf
rmmod nf_tables
Restrict access to netlink sockets
Use kernel capabilities or SELinux/AppArmor to restrict which users can access netlink sockets
setcap cap_net_admin=ep /path/to/authorized_program_only
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local users from accessing the system
- Monitor system logs for kernel panic or crash events and implement rapid response procedures
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution security advisories. Check if nf_tables module is loaded: lsmod | grep nf_tables
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update and ensure it includes the fix commits. Check system stability and monitor for crashes.
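The module check above as a script, added here as an example (not code from the advisory or the kernel project): it reads `/proc/modules`, the data behind `lsmod`, together with the modprobe.d blacklist, and still reports `loaded` when the blacklist is present, because a blacklist entry does not unload a module that is already resident. The function names and the three state labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify nf_tables exposure on a host.
# usage: nft_exposure [modules_file] [modprobe_dir]
# Defaults read the live system; explicit paths allow offline testing.

# Exit 0 if nf_tables is resident. /proc/modules lists one module per
# line with its name in field 1, so compare that field exactly
# (nft_compat or a "used by" mention must not count).
nft_loaded() {
    awk '$1 == "nf_tables" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Exit 0 if any modprobe.d file carries "blacklist nf_tables".
# Commented-out entries fail the field-1 comparison and are ignored.
nft_blacklisted() {
    cat "$1"/*.conf 2>/dev/null |
        awk '$1 == "blacklist" && $2 == "nf_tables" { f = 1 } END { exit !f }'
}

# Print one of: loaded | blocked | loadable
nft_exposure() {
    modules=${1:-/proc/modules}
    confdir=${2:-/etc/modprobe.d}
    if nft_loaded "$modules"; then
        # A blacklist entry does not unload a resident module;
        # rmmod or a reboot is still needed.
        echo "loaded"
    elif nft_blacklisted "$confdir"; then
        echo "blocked"
    else
        # Not resident, but nothing stops it being autoloaded on demand.
        echo "loadable"
    fi
}
```

Call `nft_exposure` with no arguments on the host being assessed; this covers module exposure only and does not replace comparing `uname -r` against the distribution advisory.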
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- System crash/reboot events
- Netlink socket access violations in audit logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "general protection fault")
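The SIEM query above expressed as a local log triage, as an added example (not part of the original advisory): it keeps only kernel-sourced lines, groups crash indicators by minute, and tags an event `nf_tables` when the accompanying trace names that module. The log lines, host name and symbol names are constructed, and the classic syslog timestamp layout is an assumption.

```shell
#!/bin/sh
# Added example: local equivalent of the SIEM query, with nf_tables tagging.

# Constructed syslog lines (host, PIDs and symbol names are made up).
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 host1 kernel: Oops: 0000 [#1] SMP PTI
Jan 10 03:12:01 host1 kernel: Call Trace:
Jan 10 03:12:01 host1 kernel:  nft_example_fn+0x10/0x40 [nf_tables]
Jan 10 03:12:02 host1 kernel: Kernel panic - not syncing: Fatal exception
Jan 11 09:00:00 host1 sshd[311]: user typed panic in a session
Jan 12 14:30:07 host1 kernel: general protection fault, probably for non-canonical address
Jan 12 14:30:07 host1 kernel:  ext4_example_fn+0x22/0x80 [ext4]
EOF
}

# usage: triage_crashes [logfile]   (reads stdin when no file is given)
# Prints one line per crash event: "<nf_tables|other><TAB><first indicator line>"
triage_crashes() {
    awk '
        / kernel: / {                      # source="kernel" only
            key = substr($0, 1, 12)        # "Mon DD HH:MM": one event per minute
            if (!(key in ev) && $0 ~ /panic|Oops|general protection fault/) {
                ev[key] = ++n; first[n] = $0; tag[n] = "other"
            }
            # Trace lines that follow the indicator name the faulting module.
            if ((key in ev) && $0 ~ /nf_tables|nft_/) tag[ev[key]] = "nf_tables"
        }
        END { for (i = 1; i <= n; i++) printf "%s\t%s\n", tag[i], first[i] }
    ' "${1:--}"
}
```

Run it as `triage_crashes /var/log/messages`, or pipe `sample_log` into it to see the expected output shape.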
🔗 References
- https://git.kernel.org/stable/c/26b5934ff4194e13196bedcba373cd4915071d0e
- https://git.kernel.org/stable/c/4ab6f96444e936f5e4a936d5c0bc948144bcded3
- https://git.kernel.org/stable/c/6044791b7be707fd0e709f26e961a446424e5051
- https://git.kernel.org/stable/c/74fd5839467054cd9c4d050614d3ee8788386171
- https://git.kernel.org/stable/c/b2d7a92aff0fbd93c29d2aa6451fb99f050e2c4e