CVE-2022-50107

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's CIFS (Common Internet File System) implementation when using fscache. Attackers could potentially cause denial of service by exhausting system memory. Systems using CIFS with fscache enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with the vulnerable CIFS fscache code (specific versions not provided in CVE description)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CIFS is configured with fscache enabled. Not all CIFS configurations are affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: System memory exhaustion leading to kernel panic or complete system crash, potentially causing data loss and service disruption.

🟠 Likely Case: Gradual memory consumption leading to performance degradation and eventual denial of service for affected services.

🟢 If Mitigated: Minimal impact if memory monitoring and limits are in place, though some performance degradation may still occur.

🌐 Internet-Facing: LOW - Requires CIFS access and specific configuration; not directly exploitable over internet without CIFS exposure.
🏢 Internal Only: MEDIUM - Internal attackers with CIFS access could trigger the memory leak to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires CIFS access and ability to trigger specific read patterns. Memory leak occurs gradually over time rather than immediate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 7105b4047481bc2950fb767cff328d8b75292c0f, ae497726cd090673a4d20ac725ccc2de8067a7a5, c6f62f81b488d00afaa86bae26c6ce9ab12c709e

Vendor Advisory: https://git.kernel.org/stable/c/7105b4047481bc2950fb767cff328d8b75292c0f

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable fscache for CIFS (Linux)

Disable fscache caching for CIFS mounts to prevent triggering the vulnerable code path:

mount -t cifs -o nofsc //server/share /mount/point

Use alternative CIFS options (Linux)

Use direct I/O or other caching mechanisms instead of fscache:

mount -t cifs -o cache=none //server/share /mount/point

🧯 If You Can't Patch

  • Disable fscache on all CIFS mounts using 'nofsc' mount option
  • Implement memory monitoring and limits to detect and mitigate memory exhaustion

🔍 How to Verify

Check if Vulnerable:

List the CIFS mounts with 'mount | grep cifs' and look for fscache options in the output. Then check the kernel version against the patched versions.

Check Version:

uname -r

Verify Fix Applied:

Run 'uname -r' and confirm with your distribution vendor that the running kernel build includes the fix commits.
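
The "Check if Vulnerable" step as a script, added here as an example and not part of the original advisory. It assumes the kernel lists fscache-enabled CIFS mounts with a standalone `fsc` token in the options column of /proc/mounts; the function name and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report CIFS mounts that have fscache enabled, i.e. the
# mounts that can reach the leaking code path on an unpatched kernel.
# Assumption: an fscache-enabled mount shows "fsc" as its own
# comma-separated token in the 4th field of /proc/mounts.

# Reads a mount table in /proc/mounts format on stdin and prints the mount
# point of every cifs (or smb3) mount whose options contain the token "fsc".
cifs_fscache_mounts() {
    awk '
        $3 == "cifs" || $3 == "smb3" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                # Exact token match, so a substring such as "nofsc"
                # is not counted as fscache being enabled.
                if (opts[i] == "fsc") { print $2; break }
            }
        }'
}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='//fs01/projects /mnt/projects cifs rw,relatime,vers=3.1.1,cache=strict,username=svc,fsc,rsize=4194304 0 0
//fs01/scratch /mnt/scratch cifs rw,relatime,vers=3.1.1,cache=none,username=svc 0 0
/dev/sda1 / ext4 rw,relatime 0 0
//fs02/home /mnt/home cifs rw,relatime,vers=3.0,cache=strict,nofsc 0 0'

# Demonstration on the sample table: prints /mnt/projects
printf '%s\n' "$SAMPLE_MOUNTS" | cifs_fscache_mounts
```

On a live host, feed it the real table with `cifs_fscache_mounts < /proc/mounts`; any mount point it prints is a candidate for remounting with `nofsc` until the kernel is patched.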

📡 Detection & Monitoring

Log Indicators:

  • Kernel OOM (Out of Memory) messages in dmesg or syslog
  • Increasing memory usage by kernel processes
  • CIFS-related errors in system logs

Network Indicators:

  • Unusual CIFS traffic patterns triggering repeated cache operations

SIEM Query:

source="kernel" AND ("out of memory" OR "OOM") AND process="cifs"
