CVE-2022-48865: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel panic when enabling bearer

When enabling a bearer on a node, a kernel panic is observed:

[ 4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]
...
[ 4.520030] Call Trace:
[ 4.520689]  <IRQ>
[ 4.521236]  tipc_link_build_proto_msg+0x375/0x750 [tipc]
[ 4.522654]  tipc_link_build_state_msg+0x48/0xc0 [tipc]
[ 4.524034]  __tipc_node_link_up+0xd7/0x290 [tipc]
[ 4.525292]  tipc_rcv+0x5da/0x730 [tipc]
[ 4.526346]  ? __netif_receive_skb_core+0xb7/0xfc0
[ 4.527601]  tipc_l2_rcv_msg+0x5e/0x90 [tipc]
[ 4.528737]  __netif_receive_skb_list_core+0x20b/0x260
[ 4.530068]  netif_receive_skb_list_internal+0x1bf/0x2e0
[ 4.531450]  ? dev_gro_receive+0x4c2/0x680
[ 4.532512]  napi_complete_done+0x6f/0x180
[ 4.533570]  virtnet_poll+0x29c/0x42e [virtio_net]
...

The node in question is receiving activate messages in another thread after changing bearer status to allow message sending/receiving in current thread:

         thread 1                 |              thread 2
         --------                 |              --------
                                  |
tipc_enable_bearer()              |
  test_and_set_bit_lock()         |
    tipc_bearer_xmit_skb()        |
                                  | tipc_l2_rcv_msg()
                                  |   tipc_rcv()
                                  |     __tipc_node_link_up()
                                  |       tipc_link_build_state_msg()
                                  |         tipc_link_build_proto_msg()
                                  |           tipc_mon_prep()
                                  |           {
                                  |             ...
                                  |             // null-pointer dereference
                                  |             u16 gen = mon->dom_gen;
                                  |             ...
                                  |           }
  // Not being executed yet       |
  tipc_mon_create()               |
  {                               |
    ...                           |
    // allocate                   |
    mon = kzalloc();              |
    ...                           |
  }                               |
                                  |

Monitoring pointer in thread 2 is dereferenced before monitoring data is allocated in thread 1. This causes kernel panic.

This commit fixes it by allocating the monitoring data before enabling the bearer to receive messages.
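The ordering problem in the diagram above, as an added user-space model (not kernel code): the function names mirror the commit message, but the structures, the return-code convention and the `irq` hook that stands in for the receive softirq are constructed for illustration. With `fixed == false` the bearer is published before its monitor exists (the vulnerable order); with `fixed == true` the monitor is created first, as the upstream fix does.

```c
#include <stdbool.h>
#include <stdlib.h>

struct tipc_monitor { unsigned short dom_gen; };

struct tipc_bearer {
    bool up;                    /* models the bit set by test_and_set_bit_lock() */
    struct tipc_monitor *mon;   /* allocated by tipc_mon_create() */
    int last_rcv_status;        /* 0 = ok, -1 = receive path hit a NULL monitor */
};

/* Thread 2's work: runs from the receive path once the bearer is up. */
static int tipc_mon_prep(struct tipc_bearer *b)
{
    if (!b->mon)
        return -1;              /* the real kernel reads mon->dom_gen here and panics */
    return (int)b->mon->dom_gen;
}

static void tipc_rcv(struct tipc_bearer *b)
{
    if (!b->up)
        return;                 /* bearer not enabled yet: nothing is delivered */
    b->last_rcv_status = tipc_mon_prep(b) < 0 ? -1 : 0;
}

static int tipc_mon_create(struct tipc_bearer *b)
{
    b->mon = calloc(1, sizeof(*b->mon));   /* kzalloc() in the kernel */
    return b->mon ? 0 : -1;
}

/* `irq` delivers an activate message while tipc_enable_bearer() is still
 * running, exactly the window the commit message describes.  Returns the
 * status the receive path observed: -1 means it saw the monitor as NULL. */
static int tipc_enable_bearer(struct tipc_bearer *b, bool fixed,
                              void (*irq)(struct tipc_bearer *))
{
    if (fixed && tipc_mon_create(b))
        return -1;              /* fixed order: monitor exists before publication */
    b->up = true;               /* test_and_set_bit_lock(): receive path is now live */
    irq(b);                     /* tipc_l2_rcv_msg() -> tipc_rcv() on another CPU */
    if (!fixed && tipc_mon_create(b))
        return -1;              /* vulnerable order: allocation comes too late */
    return b->last_rcv_status;
}
```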
AI Analysis
Technical Summary
CVE-2022-48865 is a vulnerability in the Linux kernel's Transparent Inter-Process Communication (TIPC) subsystem. The flaw is a race condition between two threads that arises when a bearer is enabled on a node and can lead to a kernel panic. Specifically, thread 1 (tipc_enable_bearer()) marks the bearer as enabled, which allows it to send and receive messages, before it allocates the monitoring data (mon) in tipc_mon_create(); thread 2 concurrently receives activate messages on the now-enabled bearer and dereferences the monitoring pointer in tipc_mon_prep() before that allocation has happened. The result is a null-pointer dereference in tipc_mon_prep() that panics the kernel. The root cause is that the monitoring data is not allocated before the bearer is enabled to receive messages, so the two threads access it unsafely. The fix allocates the monitoring data before enabling the bearer, so the pointer is valid by the time the receive path can run. This vulnerability affects Linux kernel versions identified by the commit hash 35c55c9877f8de0ab129fa1a309271d0ecc868b9 and likely other versions containing the same TIPC implementation. It does not require user interaction or authentication to trigger, but exploitation requires the ability to manipulate TIPC bearer states, which is typically limited to privileged users or processes. No known exploits are reported in the wild as of the publication date (July 16, 2024). The impact is on system stability: the kernel panic causes a denial of service (DoS) condition on affected Linux systems running TIPC. Since TIPC is used primarily in clustered or telecom environments for inter-node communication, systems relying on this protocol are at risk of unexpected crashes if this vulnerability is exploited.
Potential Impact
For European organizations, the impact of CVE-2022-48865 can be significant in environments where Linux servers or embedded systems utilize the TIPC protocol, such as telecommunications infrastructure, clustered computing environments, and industrial control systems. A kernel panic resulting from this vulnerability causes immediate system downtime, which can disrupt critical services, including telecom networks, data centers, and industrial operations. This denial of service can affect service availability, leading to operational interruptions and potential financial losses. Moreover, repeated crashes might complicate system management and recovery, increasing maintenance costs. Since TIPC is less commonly used in general-purpose Linux deployments, the impact is more pronounced in specialized sectors prevalent in Europe, including telecom providers, manufacturing, and research institutions that depend on high-availability Linux clusters. The vulnerability does not directly compromise confidentiality or integrity but poses a high risk to availability. European organizations with critical infrastructure relying on Linux TIPC should prioritize patching to maintain service continuity and avoid operational disruptions.
Mitigation Recommendations
1. Apply the official Linux kernel patch that fixes CVE-2022-48865 as soon as it becomes available from trusted sources or Linux distribution vendors.
2. For organizations using custom or embedded Linux kernels, backport the patch to the relevant kernel versions to ensure protection.
3. Restrict access to TIPC bearer configuration and management interfaces to trusted and authenticated administrative users only, minimizing the risk of accidental or malicious triggering of the vulnerability.
4. Monitor system logs for kernel panics or unusual TIPC-related errors that could indicate attempted exploitation or instability.
5. Implement robust system monitoring and automated recovery mechanisms to quickly detect and remediate kernel panics and reduce downtime.
6. In environments where TIPC is not required, consider disabling the TIPC module to eliminate the attack surface.
7. Conduct thorough testing of kernel updates in staging environments before deployment to production to ensure stability and compatibility.
8. Maintain an up-to-date inventory of Linux systems running TIPC to prioritize patching and mitigation efforts effectively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.920Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe641c
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 6/30/2025, 10:56:17 PM
Last updated: 8/10/2025, 2:33:04 AM