CVE-2022-50432
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's kernfs subsystem that allows local attackers to cause memory corruption and potentially escalate privileges or crash the system. It affects Linux systems where kernfs is used, particularly when concurrent kernfs_remove_by_name_ns() calls occur for the same file. All Linux systems using vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic leading to denial of service, or arbitrary code execution in kernel context.
Likely Case
Kernel panic causing system crash and denial of service, potentially leading to data loss or system instability.
If Mitigated
Limited impact if proper kernel hardening and access controls prevent local attackers from triggering the race condition.
🎯 Exploit Status
The syzkaller reproducer is publicly available and demonstrates exploitation. Exploitation requires local access and triggering the specific race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 028cf780743eea79abffa7206b9dcfc080ad3546, 02eb35131050735332658029082f61515b7dfe38, 4abc99652812a2ddf932f137515d5c5a04723538, 4dfd6a477a1525773469feaf3c514b2c0fef76b5, 6f72a3977ba9d0e5491a5c01315204272e7f9c44
Vendor Advisory: https://git.kernel.org/stable/c/028cf780743eea79abffa7206b9dcfc080ad3546
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Restrict local user access
Linux: Limit shell access and local execution capabilities to trusted users only.
Disable unnecessary kernel modules
Linux: Reduce attack surface by disabling unused kernel features that might use kernfs.
echo 'blacklist module_name' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Implement strict access controls to prevent untrusted users from obtaining local shell access
- Monitor system logs for kernel panic events or unusual kernfs-related activity
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version with uname -r and compare it with your distribution's security advisories. The system is vulnerable if the kernel predates the fix commits.
Check Version:
uname -r
Verify Fix Applied:
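After patching and rebooting, confirm the running kernel version (uname -r, or the contents of /proc/version) and check the distribution's changelog for the kernel package to confirm it includes the fix commits. /proc/version holds only the version and build string; it does not list commits or subsystems, so it cannot confirm the fix on its own.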
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN use-after-free reports in kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "kernfs" OR "kernel panic")
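Added example, not part of the original advisory or the kernel project: the SIEM query above matches any log line that mentions "kernfs", so this Python triage helper keeps only KASAN use-after-free reports whose faulting function or stack trace involves kernfs. The function name kernfs_uaf_reports and the sample log lines are constructed for illustration.

```python
import re

# KASAN report header, e.g. "BUG: KASAN: use-after-free in func+0x1c/0x2a0".
# Newer kernels print "slab-use-after-free", so that prefix is optional.
KASAN_UAF = re.compile(r"BUG: KASAN: (?:slab-)?use-after-free in (\w+)")
# Symbol in a stack-trace line, e.g. " kernfs_remove_by_name_ns+0x98/0xc0".
TRACE_SYM = re.compile(r"\b(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# KASAN brackets each report with a long line of '=' characters.
REPORT_END = re.compile(r"={20,}")

# Constructed sample log (not taken from a real system or from the advisory).
SAMPLE = """\
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: use-after-free in __kernfs_remove+0x1c4/0x5a0
[  101.000003] Read of size 2 at addr ffff888012345678 by task worker/4321
[  101.000004] Call Trace:
[  101.000005]  dump_stack_lvl+0x57/0x7d
[  101.000006]  __kernfs_remove+0x1c4/0x5a0
[  101.000007]  kernfs_remove_by_name_ns+0x98/0xc0
[  101.000008] ==================================================================
[  205.000001] kernfs: unrelated informational message
[  300.000001] ==================================================================
[  300.000002] BUG: KASAN: use-after-free in tcp_retransmit_timer+0x10/0x900
[  300.000003]  tcp_write_timer_handler+0x1f0/0x6d0
[  300.000004] ==================================================================
""".splitlines()


def kernfs_uaf_reports(lines):
    """Return one dict per KASAN use-after-free report that involves kernfs."""
    reports, current = [], None
    for line in lines:
        header = KASAN_UAF.search(line)
        if header:
            current = {"function": header.group(1), "kernfs_frames": []}
            reports.append(current)
        elif current is not None and REPORT_END.search(line):
            current = None  # closing delimiter: report finished
        elif current is not None:
            for sym in TRACE_SYM.findall(line):
                if "kernfs" in sym and sym not in current["kernfs_frames"]:
                    current["kernfs_frames"].append(sym)
    return [r for r in reports
            if "kernfs" in r["function"] or r["kernfs_frames"]]


if __name__ == "__main__":
    for report in kernfs_uaf_reports(SAMPLE):
        print(report)
```

KASAN reports appear only on kernels built with CONFIG_KASAN, so on production kernels the crash and reboot indicators listed above remain the main signal.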
🔗 References
- https://git.kernel.org/stable/c/028cf780743eea79abffa7206b9dcfc080ad3546
- https://git.kernel.org/stable/c/02eb35131050735332658029082f61515b7dfe38
- https://git.kernel.org/stable/c/4abc99652812a2ddf932f137515d5c5a04723538
- https://git.kernel.org/stable/c/4dfd6a477a1525773469feaf3c514b2c0fef76b5
- https://git.kernel.org/stable/c/6f72a3977ba9d0e5491a5c01315204272e7f9c44
- https://git.kernel.org/stable/c/94d2643df1e70a4c310ebb5e2c493eec33df1a06
- https://git.kernel.org/stable/c/af1b57cc39beca203559576b3046094fc9e5eb32
- https://git.kernel.org/stable/c/c78b0dc6fb7fb389d674e491fd376388cdfb1d53