CVE-2022-50459
📋 TL;DR
A race condition vulnerability in the Linux kernel's iSCSI TCP implementation allows local attackers to trigger a NULL pointer dereference crash (kernel panic) by accessing sysfs attributes while the socket is being freed. This affects systems using iSCSI storage connections with the vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting iSCSI storage connectivity and causing data unavailability.
Likely Case
Local denial of service through kernel panic when malicious users access specific sysfs paths during socket cleanup.
If Mitigated
Minimal impact with proper access controls preventing local users from accessing sysfs iSCSI attributes.
🎯 Exploit Status
Requires local access and timing to trigger race condition; not trivial but feasible for skilled attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 0a0b861fce2657ba08ec356a74346b37ca4b2008 or later
Vendor Advisory: https://git.kernel.org/stable/c/0a0b861fce2657ba08ec356a74346b37ca4b2008
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify that the kernel version matches the patched release.
🔧 Temporary Workarounds
Restrict sysfs access
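Limit access to iSCSI sysfs attributes to prevent triggering the race condition. sysfs permission changes do not survive a reboot or the re-creation of a session, so they have to be reapplied.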
chmod 600 /sys/class/iscsi_host/*/device/session*/connection*/address
chmod 600 /sys/class/iscsi_host/*/device/session*/connection*/port
🧯 If You Can't Patch
- Disable iSCSI TCP connections if not required
- Implement strict access controls to prevent local users from accessing sysfs iSCSI attributes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if iSCSI modules are loaded: uname -r && lsmod | grep iscsi
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and test iSCSI connectivity remains stable
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning NULL pointer dereference in iscsi_tcp
- System crash dumps with iscsi_sw_tcp in stack trace
Network Indicators:
- Sudden iSCSI connection drops followed by system instability
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "iscsi"
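The log indicators above span several lines of one kernel oops, so a per-line keyword match can miss them or fire on an unrelated crash that merely lists the iSCSI modules. The following is an added example, not part of the original advisory or the kernel project: it groups each NULL pointer dereference oops into a block and reports only blocks containing an `iscsi_sw_tcp` stack frame. The sample log, the function name `find_iscsi_tcp_oopses` and the 80-line block cap are assumptions made for illustration.

```python
import re

# Constructed kernel log excerpt (not captured from an affected system).
SAMPLE_LOG = """\
[ 1201.113] scsi host3: iSCSI Initiator over TCP/IP
[ 1342.551] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 1342.556] Call Trace:
[ 1342.557]  iscsi_sw_tcp_conn_get_param+0x8a/0x110 [iscsi_tcp]
[ 1342.559] ---[ end trace 0000000000000000 ]---
[ 2210.004] BUG: kernel NULL pointer dereference, address: 0000000000000040
[ 2210.005] Modules linked in: ext4 iscsi_tcp libiscsi_tcp libiscsi
[ 2210.006] Call Trace:
[ 2210.007]  ext4_readdir+0x21/0x900
[ 2210.008] ---[ end trace 0000000000000000 ]---
[ 3050.100] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 3050.101] Call Trace:
[ 3050.102]  iscsi_sw_tcp_host_get_param+0x5c/0xd0 [iscsi_tcp]
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
# A stack frame from the software iSCSI TCP driver, not just the word "iscsi".
ISCSI_FRAME = re.compile(r"\biscsi_sw_tcp\w*")
MAX_BLOCK = 80  # assumed cap so one unterminated oops cannot swallow the log

def find_iscsi_tcp_oopses(lines):
    """Return one record per NULL-deref oops that has an iscsi_sw_tcp frame."""
    hits, block = [], None
    def flush():
        nonlocal block
        if block:
            frames = ISCSI_FRAME.findall("\n".join(block))
            if frames:
                hits.append({"header": block[0].strip(), "frames": frames})
        block = None
    for line in lines:
        if OOPS_START.search(line):
            flush()                      # new oops closes an unterminated one
            block = [line]
        elif block is not None:
            block.append(line)
            if OOPS_END.search(line) or len(block) >= MAX_BLOCK:
                flush()
    flush()                              # a panic can cut the log mid-oops
    return hits

if __name__ == "__main__":
    for hit in find_iscsi_tcp_oopses(SAMPLE_LOG.splitlines()):
        print(hit["header"], "->", ", ".join(hit["frames"]))
```

The second sample oops is skipped even though `iscsi_tcp` appears in its module list, and the third is reported although the log ends before the end-of-trace marker.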
🔗 References
- https://git.kernel.org/stable/c/0a0b861fce2657ba08ec356a74346b37ca4b2008
- https://git.kernel.org/stable/c/57569c37f0add1b6489e1a1563c71519daf732cf
- https://git.kernel.org/stable/c/884a788f065578bb640382279a83d1df433b13e6
- https://git.kernel.org/stable/c/897dbbc57d71e8a34ec1af8e573a142de457da38
- https://git.kernel.org/stable/c/a26b0658751bb0a3b28386fca715333b104d32a2