CVE-2022-50046

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's RPC subsystem could allow local attackers to cause kernel memory exhaustion or trigger NULL pointer dereferences. This affects Linux systems using the sunrpc module, primarily servers with RPC services enabled.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Versions containing the vulnerable code before fixes were applied (specific commit ranges vary by kernel version)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if sunrpc module is loaded and RPC services are used. Many systems may not have this enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel panic or denial of service through memory exhaustion, potentially leading to system instability or crash.

🟠 Likely Case

Local denial of service through memory leaks causing gradual performance degradation or kernel panic in specific error conditions.

🟢 If Mitigated

Minimal impact with proper access controls preventing local attackers from triggering the vulnerable code path.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerable function.
🏢 Internal Only: MEDIUM - Local users or compromised services could exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific error conditions in the RPC subsystem. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 76fbeb1662b1c56514325118a07fba74dc4c79fe, bfc48f1b0505ffcb03a6d749139b7577d6b81ae0, c0434f0e058648649250b8ed6078b66d773de723

Vendor Advisory: https://git.kernel.org/stable/c/76fbeb1662b1c56514325118a07fba74dc4c79fe

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable sunrpc module

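Unload the sunrpc module if it is not required. The unload fails while NFS or another dependent module is using it, and the blacklist entry only stops automatic loading by alias, not an explicit modprobe or loading as a dependency of another module.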

modprobe -r sunrpc
echo 'blacklist sunrpc' > /etc/modprobe.d/blacklist-sunrpc.conf

🧯 If You Can't Patch

  • Restrict local user access to prevent untrusted users from triggering the vulnerability
  • Monitor system memory usage and kernel logs for signs of memory leaks or crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if sunrpc module is loaded: lsmod | grep sunrpc

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and check dmesg for any sunrpc-related errors after testing RPC functionality

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failures in kernel logs
  • RPC subsystem errors

Network Indicators:

  • Unusual RPC traffic patterns if exploited

SIEM Query:

source="kernel" AND ("sunrpc" OR "rpc_sysfs" OR "xprt_state_change")
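
The module check and log indicators above can be scripted for hosts that do not feed a SIEM. This is an added example, not part of the advisory or the kernel project: the function names and the sample module list and log lines are constructed for illustration, and the keyword list is the one from the SIEM query.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions, not from the advisory.

RPC_TERMS='sunrpc|rpc_sysfs|xprt_state_change'   # keywords from the page's SIEM query
CRASH_TERMS='Oops|NULL pointer dereference|allocation failure'   # page's log indicators

# Exit 0 if sunrpc is listed in a /proc/modules-format file (default: the live system).
sunrpc_loaded() {
    awk '$1 == "sunrpc" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Print how many lines of kernel log file $1 match extended regex $2.
count_matches() {
    grep -Ec "$2" "$1" || true    # grep -c prints 0 but exits 1 when nothing matches
}

# Print REVIEW when the log holds both an RPC keyword hit and a crash marker, else OK.
triage_log() {
    rpc=$(count_matches "$1" "$RPC_TERMS")
    crash=$(count_matches "$1" "$CRASH_TERMS")
    if [ "$rpc" -gt 0 ] && [ "$crash" -gt 0 ]; then echo REVIEW; else echo OK; fi
}

# Constructed sample inputs (not captured from a real host), written into directory $1.
write_samples() {
    cat > "$1/modules" <<'EOF'
nfsd 450560 13 - Live 0x0000000000000000
sunrpc 577536 28 nfsd, Live 0x0000000000000000
EOF
    cat > "$1/kern.log" <<'EOF'
[  812.104] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.131]  rpc_sysfs_xprt_state_change+0x5c/0x1d0 [sunrpc]
[  990.002] usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF
    printf '%s\n' '[ 10.000] EXT4-fs (sda1): mounted filesystem' > "$1/clean.log"
}

# Demo run on the constructed samples when invoked with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    sunrpc_loaded "$d/modules" && echo "sunrpc loaded (sample)"
    echo "sample log: $(triage_log "$d/kern.log")"
    rm -rf "$d"
fi
```

On a live host, call `sunrpc_loaded` with no argument and point `triage_log` at a saved copy of the kernel log, for example the output of `dmesg` redirected to a file.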
