CVE-2022-49977
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's ftrace subsystem allows local attackers to cause a kernel panic (denial of service) when ftrace fails to initialize properly. This affects systems with ftrace enabled and can be triggered by unprivileged users in certain configurations. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel panic, requiring system reboot to recover.
If Mitigated
Minimal impact if ftrace is disabled or systems are patched; kernel panic contained to affected system.
🎯 Exploit Status
Syzkaller fuzzer discovered and can reproduce the issue; exploit requires local access and ability to trigger ftrace operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel versions: 5.10.110, 5.15.33, 5.16.20, 5.17.3, and 5.18-rc1
Vendor Advisory: https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ftrace
Linux: Prevent exploitation by disabling the ftrace subsystem
echo 0 > /sys/kernel/debug/tracing/tracing_on
echo nop > /sys/kernel/debug/tracing/current_tracer
Restrict ftrace access
Linux: Limit which users can access ftrace functionality
chmod 600 /sys/kernel/debug/tracing/*
sysctl -w kernel.ftrace_enabled=0   # if the sysctl is available
🧯 If You Can't Patch
- Disable ftrace subsystem entirely if not needed
- Implement strict access controls to prevent unauthorized users from triggering ftrace operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with affected versions; check if ftrace is enabled: cat /sys/kernel/debug/tracing/tracing_on
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched: uname -r should show 5.10.110+, 5.15.33+, 5.16.20+, 5.17.3+, or 5.18+
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'NULL pointer dereference'
- OOPS messages with ftrace or is_ftrace_trampoline in stack trace
- System crash/reboot logs without clear cause
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "is_ftrace_trampoline" OR "ftrace_ops_list")
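The query above ORs its terms, so it fires on any NULL pointer dereference in the kernel log. The following added example (not part of the original advisory) flags an oops only when the same oops block also names is_ftrace_trampoline or ftrace_ops_list. The sample log, its timestamps and addresses, and the function name example_driver_read are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify NULL-pointer oopses by
# whether the same oops block also names an ftrace symbol.

# Constructed sample log; timestamps, addresses and example_driver_read are made up.
sample_log() {
    cat <<'EOF'
[  100.000001] ftrace: allocating 45678 entries in 179 pages
[  812.345678] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.345701] RIP: 0010:is_ftrace_trampoline+0x26/0x50
[  812.345733] Call Trace:
[  812.345750]  kernel_text_address+0x6c/0xd0
[  812.345799] ---[ end trace 0000000000000000 ]---
[ 1450.000010] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 1450.000042] RIP: 0010:example_driver_read+0x1a/0x40
[ 1450.000077] ---[ end trace 0000000000000000 ]---
EOF
}

# Reads kernel log text on stdin; prints "ftrace <line>" or "other <line>"
# for each NULL-pointer oops, where <line> is the first line of that oops.
classify_null_derefs() {
    awk '
        function emit(   label) {
            if (in_oops) { label = hit ? "ftrace" : "other"; print label, head }
            in_oops = 0; hit = 0
        }
        /NULL pointer dereference/ { emit(); in_oops = 1; head = $0; next }
        in_oops && /is_ftrace_trampoline|ftrace_ops_list/ { hit = 1 }
        in_oops && /---\[ end trace/ { emit() }
        END { emit() }
    '
}

# Number of oopses on stdin that match the ftrace indicators.
count_ftrace_oopses() {
    classify_null_derefs | awk '$1 == "ftrace" { n++ } END { print n + 0 }'
}

# Stand-alone demo on the constructed log.
sample_log | classify_null_derefs
```

On a live host the same functions can read from `dmesg` or `journalctl -k` output instead of the sample.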
🔗 References
- https://git.kernel.org/stable/c/4c34a2a6c9927c239dd2e295a03d49b37b618d2c
- https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2
- https://git.kernel.org/stable/c/934e49f7d696afdae9f979abe3f308408184e17b
- https://git.kernel.org/stable/c/c3b0f72e805f0801f05fa2aa52011c4bfc694c44
- https://git.kernel.org/stable/c/d81bd6671f45fde4c3ac7fd7733c6e3082ae9d8e
- https://git.kernel.org/stable/c/dbd8c8fc60480e3faa3ae7e27ebe03371ecd1b77
- https://git.kernel.org/stable/c/ddffe882d74ef43a3494f0ab0c24baf076c45f96
- https://git.kernel.org/stable/c/e4ae97295984ff1b9b340ed18ae1b066f36b7835