CVE-2022-49925
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem. When the kernel module initialization fails but cleanup is still attempted, it can cause a kernel panic or system crash. This affects systems using RDMA functionality, particularly in virtualization, HPC, and cloud environments.
💻 Affected Systems
- Linux kernel with RDMA/Core subsystem
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash when unloading the ib_core module, requiring reboot and causing temporary service interruption.
If Mitigated
Minor service disruption during module unloading with automatic recovery after reboot.
🎯 Exploit Status
Requires CAP_SYS_MODULE capability to load/unload modules. Could be chained with other vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 07c0d131cc0f, 6b3d5dcb1234, ab817f75e5e0, af8fb5a0600e, d360e875c011
Vendor Advisory: https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system.
3. Verify that the ib_core module loads without errors.
🔧 Temporary Workarounds
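Disable RDMA module loading
Linux: Prevent loading of the vulnerable ib_core module. A blacklist entry only stops automatic (alias-based) loading; the module can still be loaded explicitly or as a dependency of another module. rmmod fails while dependent modules are in use, and unloading is the operation the Likely Case above describes as crashing.
echo 'blacklist ib_core' >> /etc/modprobe.d/blacklist-rdma.conf
rmmod ib_core
Restrict module loading
Linux: Limit who can load kernel modules. Setting kernel.modules_disabled=1 blocks all further module loading and unloading and cannot be reset to 0 without a reboot, so load required modules first.
sysctl -w kernel.modules_disabled=1
echo 'kernel.modules_disabled=1' >> /etc/sysctl.conf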
🧯 If You Can't Patch
- Restrict module loading capabilities to trusted users only
- Monitor for attempts to load/unload ib_core module
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the ib_core module is loaded: lsmod | grep ib_core
Check Version:
uname -r
Verify Fix Applied:
Check that the running kernel contains the fix commits, then load and unload the ib_core module and confirm there is no crash.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference in kernel logs
- ib_core module load/unload failures
Network Indicators:
- Sudden loss of RDMA connectivity
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "ib_core" OR "KASAN: null-ptr-deref")
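As an added example (not part of the original advisory), this script narrows the SIEM query above: it reports a NULL-dereference oops only when a frame in its call trace is tagged `[ib_core]`, so a bare mention of the module does not alert. The sample log lines, the function names `sample_log`, `broad_query_hits` and `find_ib_core_oops`, and the 30-line window are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage kernel log text for NULL-deref oopses that involve ib_core.

# Constructed sample log (not captured from a real system; symbol names are placeholders).
sample_log() {
  cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000040] Modules linked in: ib_core(-)
[  101.000080] Call Trace:
[  101.000120]  cleanup_fn+0x1a/0x40 [ib_core]
[  310.500001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  310.500040] Modules linked in: ib_core ext4
[  310.500080] Call Trace:
[  310.500120]  some_fn+0x22/0x90 [ext4]
[  400.000001] constructed benign line mentioning ib_core
EOF
}

# The page's SIEM query as a plain OR of its three terms: counts matching lines.
broad_query_hits() {
  grep -c -E 'NULL pointer dereference|ib_core|KASAN: null-ptr-deref'
}

# Print the header line of each NULL-deref report whose next $1 lines (default 30)
# contain a stack frame tagged [ib_core]. "Modules linked in:" lists bare module
# names without brackets, so a loaded-but-uninvolved ib_core does not match.
find_ib_core_oops() {
  awk -v window="${1:-30}" '
    /NULL pointer dereference|KASAN: null-ptr-deref/ {
      header = $0; left = window; reported = 0; next
    }
    left > 0 {
      left--
      if (!reported && /\[ib_core\]/) { print header; reported = 1 }
    }
  '
}

echo "broad query hits: $(sample_log | broad_query_hits)"
echo "correlated oopses:"
sample_log | find_ib_core_oops
```

On a live host, pipe `dmesg` or `journalctl -k` into `find_ib_core_oops` instead of the sample.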
🔗 References
- https://git.kernel.org/stable/c/07c0d131cc0fe1f3981a42958fc52d573d303d89
- https://git.kernel.org/stable/c/6b3d5dcb12347f3518308c2c9d2cf72453a3e1e5
- https://git.kernel.org/stable/c/ab817f75e5e0fa58d9be0825da6a7b7d8a1fa1d9
- https://git.kernel.org/stable/c/af8fb5a0600e9ae29950e9422a032c3c22649ee5
- https://git.kernel.org/stable/c/d360e875c011a005628525bf290322058927e7dc