CVE-2022-49929
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's RDMA over Converged Ethernet (RoCE) implementation. When handling Remote Not Ready (RNR) errors, the kernel fails to properly release memory regions, leading to resource exhaustion. Systems using RDMA/RoCE networking with the rxe driver are affected.
💻 Affected Systems
- Linux kernel with RDMA rxe driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.
Likely Case
Memory leak gradually consumes system resources, potentially leading to performance degradation or service disruption over time.
If Mitigated
With proper monitoring and resource limits, impact is limited to occasional performance issues that can be addressed through restarts.
🎯 Exploit Status
Exploitation requires ability to trigger RNR errors in RDMA communications, typically requiring local or network access to RDMA services.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 50b35ad2864a9d66f802f9ce193d99bbef64e219 and b5f9a01fae42684648c2ee3cd9985f80c67ab9f7
Vendor Advisory: https://git.kernel.org/stable/c/50b35ad2864a9d66f802f9ce193d99bbef64e219
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution for specific patched kernel versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable RDMA rxe driver
linuxTemporarily disable the vulnerable RDMA rxe driver if not required
modprobe -r rdma_rxe
echo 'blacklist rdma_rxe' >> /etc/modprobe.d/blacklist.conf
Monitor memory usage
linuxImplement aggressive memory monitoring for systems using RDMA
# Monitor slab memory: cat /proc/meminfo | grep Slab
# Monitor process memory: ps aux --sort=-%mem | head
🧯 If You Can't Patch
- Disable RDMA/RoCE functionality if not essential for operations
- Implement strict resource limits and monitoring for memory consumption
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if RDMA rxe module is loaded: lsmod | grep rdma_rxe && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test RDMA functionality remains stable under load📡 Detection & Monitoring
Log Indicators:
- Kernel warnings about rxe_pool memory leaks
- Increasing slab memory consumption in /proc/meminfo
- System logs showing memory pressure or OOM events
Network Indicators:
- Unusual RDMA error rates or retransmissions
SIEM Query:
source="kernel" AND ("rxe_pool" OR "__rxe_cleanup" OR "WARNING: CPU:")