CVE-2022-49008: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:
can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down
In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of can327_feed_frame_to_netdev() did not free allocated skb too. That would trigger skb leak.
Fix it by adding kfree_skb() in can327_feed_frame_to_netdev() when netdev is down.
Not tested, just compiled.
AI Analysis
Technical Summary
CVE-2022-49008 is a vulnerability identified in the Linux kernel specifically within the CAN (Controller Area Network) subsystem, in the function can327_feed_frame_to_netdev(). The issue arises when the network device (netdev) is down: the function fails to free the socket buffer (skb) that it allocated, resulting in a memory leak. The callers of this function also do not free the skb in this scenario, compounding the problem. The vulnerability is due to missing calls to kfree_skb() to release the allocated memory when the netdev is down. This can lead to a gradual depletion of kernel memory resources, potentially causing system instability or denial of service (DoS) conditions. The fix involves adding a call to kfree_skb() in the function to ensure proper cleanup of the skb when the netdev is down. The patch was compiled but not tested at the time of disclosure. The vulnerability affects Linux kernel versions identified by the commit hash 43da2f07622f41376c7ddab8f73dc2b1d3ab9715. There are no known exploits in the wild currently, and no CVSS score has been assigned yet.
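The ownership mistake described above, reduced to a user-space C model (an added example, not the kernel driver's code or the upstream patch). `struct buf`, `struct dev`, `feed_frame_leaky`, `feed_frame_fixed` and `leaked_after` are hypothetical stand-ins, and the model assumes the caller allocates the buffer and hands it over without freeing it afterwards.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins with hypothetical names; this is not kernel code. */
struct buf { unsigned char data[16]; };
struct dev { bool running; };
static int live_bufs;            /* buffers allocated and not yet freed */
static void buf_free(struct buf *b) { free(b); live_bufs--; }
/* Models delivery to the network stack, which takes ownership of the buffer. */
static void stack_rx(struct dev *d, struct buf *b) { (void)d; buf_free(b); }

/* Before: the early return on a down device drops the only reference. */
static void feed_frame_leaky(struct dev *d, struct buf *b)
{
    if (!d->running)
        return;                  /* neither callee nor caller frees b */
    stack_rx(d, b);
}

/* After: the callee consumes the buffer on every path. */
static void feed_frame_fixed(struct dev *d, struct buf *b)
{
    if (!d->running) {
        buf_free(b);             /* plays the role of the added kfree_skb() */
        return;
    }
    stack_rx(d, b);
}

/* Caller pattern from the description: allocate, hand over, never free. */
static int leaked_after(void (*feed)(struct dev *, struct buf *), bool running, int frames)
{
    struct dev d = { .running = running };
    int before = live_bufs;
    for (int i = 0; i < frames; i++) {
        struct buf *b = calloc(1, sizeof(*b));
        if (!b) break;
        live_bufs++;
        feed(&d, b);
    }
    return live_bufs - before;   /* buffers still outstanding after the burst */
}

int main(void)
{
    printf("netdev down: leaky=%d fixed=%d\n", leaked_after(feed_frame_leaky, false, 100),
           leaked_after(feed_frame_fixed, false, 100));
    return 0;
}
```

With the device up both variants leave nothing outstanding, so the leak only shows on the down path, which is why a per-path ownership check catches it where a normal traffic test does not.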
Potential Impact
For European organizations relying on Linux-based systems, especially those utilizing CAN interfaces (common in automotive, industrial control systems, and embedded devices), this vulnerability could lead to memory leaks in the kernel. Over time, this can degrade system performance, cause kernel crashes, or trigger denial of service, impacting availability of critical systems. Industrial environments using Linux for automation or vehicle control systems could face operational disruptions. While the vulnerability does not directly allow code execution or privilege escalation, the resulting instability could be exploited as part of a broader attack chain or cause significant downtime. Organizations with embedded Linux devices or IoT infrastructure using CAN protocols should be particularly vigilant. The absence of known exploits reduces immediate risk, but the potential for resource exhaustion attacks remains a concern.
Mitigation Recommendations
Organizations should promptly apply the patch that fixes the skb leak by ensuring the Linux kernel is updated to a version including the fix for CVE-2022-49008. For embedded or specialized systems where kernel updates are challenging, consider implementing monitoring for kernel memory usage and CAN interface status to detect abnormal resource consumption early. Employ kernel hardening techniques and limit access to CAN interfaces to trusted processes only. Additionally, conduct thorough testing of kernel updates in controlled environments before deployment to avoid regressions, given the patch was initially untested. Network segmentation and strict access controls around devices using CAN can reduce exposure. Finally, maintain an inventory of Linux systems using CAN to prioritize patching and monitoring efforts.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Belgium, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-22T01:27:53.643Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe68c5
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 1:10:19 AM
Last updated: 8/16/2025, 12:44:22 PM