CVE-2022-50042
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's generic netlink (genl) subsystem when dumping policy information. If an error occurs during policy array construction for non-first policies, the kernel fails to properly free allocated memory, leading to resource exhaustion. This affects all Linux systems using the affected kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
An attacker could repeatedly trigger the memory leak to cause kernel memory exhaustion, leading to system instability, denial of service, or potential kernel panic/crash.
Likely Case
Local or remote attackers could cause gradual memory consumption, potentially degrading system performance or causing denial of service over time.
If Mitigated
With proper memory limits and monitoring, the impact would be limited to temporary performance degradation before detection and remediation.
🎯 Exploit Status
Exploitation requires ability to trigger netlink policy dumping operations; typically requires local access or specific network services
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 249801360db3, 26b6acd36582, 83411c9f05d5, b0672895d8be
Vendor Advisory: https://git.kernel.org/stable/c/249801360db3dec4f73768c502192020bfddeacc
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits
2. Reboot system to load new kernel
3. Verify kernel version after reboot
🔧 Temporary Workarounds
Restrict netlink access
linuxLimit access to netlink sockets to prevent unauthorized users from triggering the vulnerability
Use Linux security modules (SELinux/AppArmor) to restrict netlink operations
Implement network namespaces to isolate netlink traffic
🧯 If You Can't Patch
- Implement strict memory limits using cgroups to contain potential memory exhaustion
- Monitor kernel memory usage and netlink activity for abnormal patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions containing the fix commitsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits: 249801360db3, 26b6acd36582, 83411c9f05d5, or b0672895d8be📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Abnormal memory consumption in kernel logs
- Repeated netlink policy dump operations
Network Indicators:
- Unusual netlink socket activity
- Excessive netlink traffic from single source
SIEM Query:
source="kernel" AND ("oom" OR "out of memory" OR "netlink")