CVE-2022-49921 – This is a use-after-free vulnerability in the L... (How to Fix)

Q: What is the severity of CVE-2022-49921?

CVE-2022-49921 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in the Linux kernel's network scheduler (specifically the red_enqueue() function). Attackers could potentially exploit this to cause kernel memory corruption, leading to system crashes or arbitrary code execution with kernel privileges. All Linux systems using affected kernel versions are vulnerable.

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's network scheduler (specifically the red_enqueue() function). Attackers could potentially exploit this to cause kernel memory corruption, leading to system crashes or arbitrary code execution with kernel privileges. All Linux systems using affected kernel versions are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE, but references indicate stable kernel patches from 2022

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the network scheduler to be configured with RED (Random Early Detection) queuing discipline. Not all systems may have this enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation allowing attackers to execute arbitrary code with kernel-level permissions.

🟠

Likely Case

System instability, crashes, or denial of service affecting network functionality.

🟢

If Mitigated

Limited impact if proper kernel hardening and exploit mitigations are in place, though crashes may still occur.

🌐 Internet-Facing: MEDIUM - Requires network access and specific conditions to trigger, but could affect servers processing network traffic.

🏢 Internal Only: MEDIUM - Could be exploited by malicious internal users or through compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploitation requires specific network conditions and kernel memory manipulation knowledge. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 170e5317042c302777ed6d59fdb84af9b0219d4e, 52e0429471976785c155bfbf51d80990c6cd46e2, 5960b9081baca85cc7dcb14aec1de85999ea9d36, 795afe0b9bb6c915f0299a8e309936519be01619, 8bdc2acd420c6f3dd1f1c78750ec989f02a1e2b9

Vendor Advisory: https://git.kernel.org/stable/c/170e5317042c302777ed6d59fdb84af9b0219d4e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable RED queuing discipline

linux

Remove or disable RED (Random Early Detection) network queuing if not required

tc qdisc del dev <interface> root
Check current qdisc with: tc qdisc show

🧯 If You Can't Patch

Implement network segmentation to limit exposure
Enable kernel hardening features like KASLR, stack protection, and SMAP/SMEP

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions. Examine if RED qdisc is configured: tc qdisc show | grep red

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include the fix commits. Check /proc/version or uname -r

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
OOM killer messages
Network subsystem crashes in dmesg

Network Indicators:

Unexpected network interface resets
Increased packet loss on RED-configured interfaces

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND ("net" OR "sched" OR "skb")

📊 Metadata

CVE ID: CVE-2022-49921

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (5.9th percentile)

Published: May 1, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49921, you might also want to check these: