CVE-2022-50373
📋 TL;DR
This CVE describes a race condition in the Linux kernel's Distributed Lock Manager (DLM) low-level communications subsystem. The race can lead to a use-after-free scenario that triggers a kernel warning, potentially causing system instability or denial of service. Systems running affected Linux kernel versions with DLM enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially disrupting cluster operations in high-availability environments.
Likely Case
Kernel warning messages and potential system instability, but unlikely to lead to privilege escalation or remote code execution.
If Mitigated
Minor performance impact from kernel warnings, but system remains operational.
🎯 Exploit Status
Exploitation requires ability to trigger DLM operations and timing the race condition. Demonstrated via dlm_locktorture test.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 27d3e646dd83bafd7094890462eebfce3ac31e4a, 30ea3257e8766027c4d8d609dcbd256ff9a76073, de7fdff754bb4d01e38e19964c309b6df6a79472, or eb97e60a9eae632ff9104a580dbc4fdc58dc23cb
Vendor Advisory: https://git.kernel.org/stable/c/27d3e646dd83bafd7094890462eebfce3ac31e4a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable DLM if not needed
If Distributed Lock Manager is not required for your system's operation, disable it to eliminate the attack surface.
modprobe -r dlm
echo 'blacklist dlm' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Monitor system logs for DLM-related warnings and kernel panics
- Implement strict access controls to limit who can trigger DLM operations
🔍 How to Verify
Check if Vulnerable:
Check if DLM module is loaded: lsmod | grep dlm. Check kernel version against patched versions from your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update matches patched version. Check that system remains stable during DLM operations.
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings mentioning 'dlm_lowcomms_commit_msg'
- WARNING messages with call trace involving DLM functions
- System logs showing 'cut here' warnings related to DLM
Network Indicators:
- Unusual DLM cluster communication patterns (if monitoring cluster traffic)
SIEM Query:
source="kernel" AND ("dlm_lowcomms_commit_msg" OR ("WARNING: CPU:" AND "dlm"))
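The log indicators above can also be checked offline against a saved kernel log. The following is an added example, not part of the original advisory: it splits the log into 'cut here' blocks and reports only WARNING blocks whose call trace contains DLM frames. The sample log is constructed, and every name in it other than dlm_lowcomms_commit_msg is a placeholder.

```python
import re

# Constructed sample kernel log: PIDs, offsets and file names are placeholders.
SAMPLE_LOG = """\
[  101.000001] dlm: connecting to 2
[  102.000001] ------------[ cut here ]------------
[  102.000002] WARNING: CPU: 1 PID: 4242 at example.c:1 example_warn+0x1/0x2
[  102.000003] Call Trace:
[  102.000004]  dlm_lowcomms_commit_msg+0x41/0x50 [dlm]
[  102.000005] ---[ end trace 0000000000000000 ]---
[  200.000001] ------------[ cut here ]------------
[  200.000002] WARNING: CPU: 0 PID: 77 at example.c:2 other_warn+0x1/0x2
[  200.000003]  unrelated_func+0x1/0x2
[  200.000004] ---[ end trace 0000000000000000 ]---
"""

CUT_HERE = re.compile(r"-+\[ cut here \]-+")
END_TRACE = re.compile(r"---\[ end trace")
WARNING = re.compile(r"WARNING: CPU: \d+ PID: \d+")
DLM_FRAME = re.compile(r"\b(dlm_\w+)\+0x[0-9a-f]+")  # call-trace frame in a dlm_* function

def warning_blocks(log_text):
    """Split a kernel log into 'cut here' ... 'end trace' blocks."""
    blocks, current = [], None
    for line in log_text.splitlines():
        if CUT_HERE.search(line):
            if current:              # previous block never closed (truncated log)
                blocks.append(current)
            current = [line]
        elif current is not None:
            current.append(line)
            if END_TRACE.search(line):
                blocks.append(current)
                current = None
    if current:                      # log ended inside a block
        blocks.append(current)
    return blocks

def dlm_warnings(log_text):
    """Return one record per WARNING block whose call trace has DLM frames."""
    hits = []
    for block in warning_blocks(log_text):
        text = "\n".join(block)
        funcs = sorted(set(DLM_FRAME.findall(text)))
        if WARNING.search(text) and funcs:
            hits.append({"functions": funcs, "commit_msg": "dlm_lowcomms_commit_msg" in funcs})
    return hits

if __name__ == "__main__":
    print(dlm_warnings(SAMPLE_LOG))
```

Ordinary DLM status lines outside a warning block, such as the first line of the sample, are ignored, so routine cluster messages do not raise alerts.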