CVE-2022-48810: Vulnerability in Linux Linux

High
Published: Tue Jul 16 2024 (07/16/2024, 11:44:00 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path

ip[6]mr_free_table() can only be called under RTNL lock.

RTNL: assertion failed at net/core/dev.c (10367)
WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Modules linked in:
CPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Code: 0f 85 9b ee ff ff e8 69 07 4b fa ba 7f 28 00 00 48 c7 c6 00 90 ae 8a 48 c7 c7 40 90 ae 8a c6 05 6d b1 51 06 01 e8 8c 90 d8 01 <0f> 0b e9 70 ee ff ff e8 3e 07 4b fa 4c 89 e7 e8 86 2a 59 fa e9 ee
RSP: 0018:ffffc900046ff6e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888050f51d00 RSI: ffffffff815fa008 RDI: fffff520008dfece
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815f3d6e R11: 0000000000000000 R12: 00000000fffffff4
R13: dffffc0000000000 R14: ffffc900046ff750 R15: ffff88807b7dc000
FS: 00007f4ab736e700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee0b4f8990 CR3: 000000001e7d2000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
mroute_clean_tables+0x244/0xb40 net/ipv6/ip6mr.c:1509
ip6mr_free_table net/ipv6/ip6mr.c:389 [inline]
ip6mr_rules_init net/ipv6/ip6mr.c:246 [inline]
ip6mr_net_init net/ipv6/ip6mr.c:1306 [inline]
ip6mr_net_init+0x3f0/0x4e0 net/ipv6/ip6mr.c:1298
ops_init+0xaf/0x470 net/core/net_namespace.c:140
setup_net+0x54f/0xbb0 net/core/net_namespace.c:331
copy_net_ns+0x318/0x760 net/core/net_namespace.c:475
create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
copy_namespaces+0x391/0x450 kernel/nsproxy.c:178
copy_process+0x2e0c/0x7300 kernel/fork.c:2167
kernel_clone+0xe7/0xab0 kernel/fork.c:2555
__do_sys_clone+0xc8/0x110 kernel/fork.c:2672
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4ab89f9059
Code: Unable to access opcode bytes at RIP 0x7f4ab89f902f.
RSP: 002b:00007f4ab736e118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f4ab8b0bf60 RCX: 00007f4ab89f9059
RDX: 0000000020000280 RSI: 0000000020000270 RDI: 0000000040200000
RBP: 00007f4ab8a5308d R08: 0000000020000300 R09: 0000000020000300
R10: 00000000200002c0 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ffc3977cc1f R14: 00007f4ab736e300 R15: 0000000000022000
</TASK>

AI-Powered Analysis

Last updated: 06/30/2025, 21:56:52 UTC

Technical Analysis

CVE-2022-48810 is a vulnerability identified in the Linux kernel related to improper locking in the multicast routing (ipmr and ip6mr) subsystems. Specifically, the issue arises because the function ip[6]mr_free_table() is called without first acquiring the RTNL (routing netlink) lock on certain failure paths. The RTNL lock is a critical synchronization mechanism used to protect network device and routing data structures from concurrent access. Failure to hold this lock before calling ip[6]mr_free_table() can lead to an assertion failure within the kernel, as indicated by the message "RTNL: assertion failed at net/core/dev.c (10367)". This assertion failure can cause a kernel panic or crash, resulting in denial of service (DoS) conditions. The vulnerability is rooted in the net/core/dev.c and net/ipv6/ip6mr.c source files, affecting the unregister_netdevice_many and multicast routing cleanup functions. The issue was discovered and fixed by ensuring the RTNL lock is acquired before calling ip[6]mr_free_table() on failure paths. The vulnerability affects Linux kernel versions around 5.16.0-syzkaller-11627-g422ee58dc0ef and likely other versions with similar multicast routing code. No known exploits are reported in the wild as of the publication date. The vulnerability does not appear to allow privilege escalation or arbitrary code execution but can cause system instability or crashes when triggered, potentially by malformed network packets or maliciously crafted multicast routing configurations. Exploitation would require local or privileged access to trigger the affected kernel code paths, as it involves kernel-level network namespace and multicast routing operations. The vulnerability is technical and specific to kernel networking internals, requiring detailed understanding of Linux kernel locking and multicast routing mechanisms to exploit or mitigate.

Potential Impact

For European organizations, the primary impact of CVE-2022-48810 is the risk of denial of service due to kernel crashes on Linux systems running vulnerable kernel versions. This can disrupt critical services, especially in environments relying on multicast routing such as telecommunications, media streaming, or complex network infrastructures. Organizations using Linux servers for network infrastructure, cloud services, or virtualization platforms could experience outages or degraded performance. Since Linux is widely deployed across European enterprises, cloud providers, and government agencies, the vulnerability could affect a broad range of sectors including finance, healthcare, public administration, and industrial control systems. The lack of known exploits reduces immediate risk, but the potential for accidental crashes or targeted DoS attacks remains. The vulnerability does not directly compromise confidentiality or integrity but impacts availability, which can have cascading effects on business operations and service delivery. Organizations with strict uptime requirements or those operating critical infrastructure should prioritize patching to avoid service interruptions. Additionally, the vulnerability could be leveraged in multi-tenant cloud environments to disrupt co-located workloads if exploited by malicious tenants with sufficient privileges.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address CVE-2022-48810 as soon as they become available from trusted sources or Linux distribution vendors.
2. Upgrade to a Linux kernel version that includes the fix for this vulnerability, preferably from the latest stable releases or vendor-supported kernels.
3. For environments where immediate patching is not feasible, consider disabling or restricting multicast routing features if they are not required, to reduce the attack surface.
4. Implement strict access controls and monitoring on systems that handle multicast routing or network namespace operations to detect unusual or unauthorized activities.
5. Use kernel lockdown features or security modules (e.g., SELinux, AppArmor) to limit the ability of unprivileged users to interact with network namespaces or routing configurations.
6. In cloud or virtualized environments, isolate workloads and enforce tenant privilege separation to prevent exploitation by malicious actors with limited access.
7. Regularly audit and monitor kernel logs for RTNL assertion failures or related kernel warnings that could indicate attempted exploitation or instability.
8. Maintain comprehensive backup and recovery plans to quickly restore services in case of crashes or DoS incidents caused by this vulnerability.
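
One way to implement the log check in recommendation 7, as an added example that is not part of the original advisory: it scans kernel log text for the "RTNL: assertion failed" message quoted in the Description and flags events whose call trace passes through the multicast routing cleanup functions. The sample log is constructed (modelled on the trace above, with invented timestamps and a hypothetical second event), and the function name and prefix list are assumptions.

```python
import re

# Constructed sample in dmesg style; the first event mirrors the advisory's trace,
# the second (example_unrelated_fn) is a hypothetical unrelated assertion.
SAMPLE_LOG = """\
[  101.000001] RTNL: assertion failed at net/core/dev.c (10367)
[  101.000002] WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850
[  101.000003] Call Trace:
[  101.000004]  <TASK>
[  101.000005]  mroute_clean_tables+0x244/0xb40 net/ipv6/ip6mr.c:1509
[  101.000006]  ip6mr_free_table net/ipv6/ip6mr.c:389 [inline]
[  101.000007]  ip6mr_net_init+0x3f0/0x4e0 net/ipv6/ip6mr.c:1298
[  101.000008]  setup_net+0x54f/0xbb0 net/core/net_namespace.c:331
[  101.000009]  </TASK>
[  250.500000] RTNL: assertion failed at net/core/example.c (42)
[  250.500001] Call Trace:
[  250.500002]  <TASK>
[  250.500003]  example_unrelated_fn+0x10/0x20
[  250.500004]  </TASK>
"""

ASSERT_RE = re.compile(r"RTNL: assertion failed at (\S+) \((\d+)\)")
# A frame is "func+0xoff/0xsize" (plain dmesg) or "func file.c:line" (symbolized/inlined).
FRAME_RE = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+|\s+\S+\.c:\d+)")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
MROUTE_PREFIXES = ("ipmr_", "ip6mr_", "mroute_")  # assumed set of relevant prefixes

def find_rtnl_assertions(text):
    """Return one dict per RTNL assertion, with its trace frames and a relevance flag."""
    events, current, in_trace = [], None, False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        m = ASSERT_RE.search(line)
        if m:
            current = {"file": m.group(1), "line": int(m.group(2)), "frames": []}
            events.append(current)
            in_trace = False
        elif "</TASK>" in line:
            current, in_trace = None, False
        elif current is not None and "<TASK>" in line:
            in_trace = True
        elif in_trace:
            f = FRAME_RE.match(line)
            if f:
                current["frames"].append(f.group(1))
    for ev in events:
        ev["mroute_cleanup"] = any(fn.startswith(MROUTE_PREFIXES) for fn in ev["frames"])
    return events
```

Events with `mroute_cleanup` set to true match the pattern this CVE describes; other RTNL assertions are still returned so they can be triaged separately.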

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-16T11:38:08.897Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe6241

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 9:56:52 PM

Last updated: 8/4/2025, 12:51:28 AM
