Login Sign Up

CVE-2022-49927

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's NFSv4 client implementation. When allocating slots for NFS operations fails, the kernel doesn't properly clean up previously allocated slots, leading to gradual memory exhaustion. This affects systems using NFSv4 mounts with the vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable kernel versions not explicitly listed, but patches exist for multiple stable branches (see references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using NFSv4 client functionality. The vulnerability triggers during NFS mount operations when slot allocation fails.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service on affected systems.

🟠

Likely Case

Gradual memory leak during NFS mount operations, potentially causing performance degradation or system instability over time.

🟢

If Mitigated

Minimal impact with proper monitoring and memory limits in place, though still represents a resource exhaustion risk.

🌐 Internet-Facing: LOW - Requires NFS client usage and specific failure conditions during slot allocation.
🏢 Internal Only: MEDIUM - Internal systems using NFSv4 mounts with vulnerable kernels could experience stability issues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific failure conditions during NFS slot allocation, making reliable exploitation non-trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes (see git.kernel.org references)

Vendor Advisory: https://git.kernel.org/stable/c/24641993a7dce6b1628645f4e1d97ca06c9f765d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NFSv4 mounts

linux

Use NFSv3 instead of NFSv4 if possible, or avoid NFS mounts entirely

# Use nfsvers=3 in mount options
mount -t nfs -o nfsvers=3 server:/export /mnt

Limit NFS client usage

linux

Restrict systems from mounting NFS shares unless absolutely necessary

# Remove nfs-utils if not needed
apt remove nfs-common
yum remove nfs-utils

🧯 If You Can't Patch

  • Implement strict memory monitoring and alerting for kernel memory usage
  • Limit NFS mount operations and implement circuit breaker patterns for NFS client

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions from kernel.org. Systems using NFSv4 mounts with vulnerable kernels are affected.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version. Monitor for memory leaks during NFS operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System instability during NFS operations
  • Increasing kernel memory usage in /proc/meminfo

Network Indicators:

  • Failed NFS mount attempts followed by system issues

SIEM Query:

source="kernel" AND ("oom-killer" OR "slab allocation failure" OR "nfs4")

📊 Metadata

CVE ID: CVE-2022-49927
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 1, 2025
Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49927, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)