CVE-2022-49807: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 (size 64): comm "check", pid 7304, jiffies 4295686133 (age 72034.246s) hex dump (first 32 bytes): 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8 backtrace: [<00000000b6fc5071>] kstrdup+0x2e/0x60 [<00000000f0f4633f>] 0xffffffffc0e07ee6 [<0000000053006c05>] 0xffffffffc0dff783 [<00000000419ae922>] configfs_write_iter+0xb1/0x120 [<000000008183c424>] vfs_write+0x2be/0x3c0 [<000000009005a2a5>] ksys_write+0x5f/0xe0 [<00000000cd495c89>] do_syscall_64+0x38/0x90 [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
AI Analysis
Technical Summary
CVE-2022-49807 is a vulnerability identified in the Linux kernel specifically within the nvmet (NVMe target) subsystem. The issue is a memory leak occurring in the function nvmet_auth_set_key, which is responsible for managing authentication keys used in the NVMe over Fabrics (NVMe-oF) target implementation. The vulnerability arises when changing CHAP (Challenge-Handshake Authentication Protocol) secrets; the old secrets are not properly released, leading to unreleased memory allocations. This is evidenced by the kernel memory leak detector (kmemleak) reporting unreferenced objects related to the authentication keys. The backtrace shows the leak occurs during kernel string duplication (kstrdup) and configuration filesystem write operations (configfs_write_iter), indicating that the leak happens when configuration changes are applied to the nvmet subsystem. While the vulnerability does not directly allow code execution or privilege escalation, the memory leak can degrade system stability over time, potentially leading to resource exhaustion and denial of service (DoS) conditions on systems heavily utilizing NVMe-oF with CHAP authentication. The vulnerability has been fixed by ensuring that old secrets are properly freed when updated. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-49807 depends largely on their use of Linux systems as NVMe-oF targets, particularly in data centers, cloud providers, and enterprises with high-performance storage infrastructures. Organizations relying on NVMe-oF with CHAP authentication could experience gradual memory leaks leading to degraded performance or system crashes if the vulnerability is exploited or triggered by routine configuration changes. This could affect critical storage services, impacting availability and potentially causing downtime in environments where high availability is essential, such as financial institutions, healthcare providers, and industrial control systems. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service could disrupt business operations and service delivery. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to maintain system reliability.
Mitigation Recommendations
To mitigate CVE-2022-49807, European organizations should: 1) Apply the latest Linux kernel patches that address the memory leak in nvmet_auth_set_key as soon as they become available from trusted Linux distribution vendors or the upstream kernel. 2) Monitor systems running NVMe-oF targets with CHAP authentication for unusual memory usage patterns or kernel memory leak warnings using tools like kmemleak or system monitoring solutions. 3) Implement configuration management best practices to minimize frequent changes to CHAP secrets unless necessary, reducing the risk of triggering the leak. 4) Conduct regular kernel updates and testing in staging environments to ensure stability and security of storage subsystems. 5) Engage with Linux vendor support channels for guidance on backporting fixes if using long-term support kernels. 6) Consider additional monitoring and alerting on storage subsystem health to detect early signs of resource exhaustion or performance degradation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
CVE-2022-49807: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 (size 64): comm "check", pid 7304, jiffies 4295686133 (age 72034.246s) hex dump (first 32 bytes): 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8 backtrace: [<00000000b6fc5071>] kstrdup+0x2e/0x60 [<00000000f0f4633f>] 0xffffffffc0e07ee6 [<0000000053006c05>] 0xffffffffc0dff783 [<00000000419ae922>] configfs_write_iter+0xb1/0x120 [<000000008183c424>] vfs_write+0x2be/0x3c0 [<000000009005a2a5>] ksys_write+0x5f/0xe0 [<00000000cd495c89>] do_syscall_64+0x38/0x90 [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
AI-Powered Analysis
Technical Analysis
CVE-2022-49807 is a vulnerability identified in the Linux kernel specifically within the nvmet (NVMe target) subsystem. The issue is a memory leak occurring in the function nvmet_auth_set_key, which is responsible for managing authentication keys used in the NVMe over Fabrics (NVMe-oF) target implementation. The vulnerability arises when changing CHAP (Challenge-Handshake Authentication Protocol) secrets; the old secrets are not properly released, leading to unreleased memory allocations. This is evidenced by the kernel memory leak detector (kmemleak) reporting unreferenced objects related to the authentication keys. The backtrace shows the leak occurs during kernel string duplication (kstrdup) and configuration filesystem write operations (configfs_write_iter), indicating that the leak happens when configuration changes are applied to the nvmet subsystem. While the vulnerability does not directly allow code execution or privilege escalation, the memory leak can degrade system stability over time, potentially leading to resource exhaustion and denial of service (DoS) conditions on systems heavily utilizing NVMe-oF with CHAP authentication. The vulnerability has been fixed by ensuring that old secrets are properly freed when updated. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-49807 depends largely on their use of Linux systems as NVMe-oF targets, particularly in data centers, cloud providers, and enterprises with high-performance storage infrastructures. Organizations relying on NVMe-oF with CHAP authentication could experience gradual memory leaks leading to degraded performance or system crashes if the vulnerability is exploited or triggered by routine configuration changes. This could affect critical storage services, impacting availability and potentially causing downtime in environments where high availability is essential, such as financial institutions, healthcare providers, and industrial control systems. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service could disrupt business operations and service delivery. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to maintain system reliability.
Mitigation Recommendations
To mitigate CVE-2022-49807, European organizations should: 1) Apply the latest Linux kernel patches that address the memory leak in nvmet_auth_set_key as soon as they become available from trusted Linux distribution vendors or the upstream kernel. 2) Monitor systems running NVMe-oF targets with CHAP authentication for unusual memory usage patterns or kernel memory leak warnings using tools like kmemleak or system monitoring solutions. 3) Implement configuration management best practices to minimize frequent changes to CHAP secrets unless necessary, reducing the risk of triggering the leak. 4) Conduct regular kernel updates and testing in staging environments to ensure stability and security of storage subsystems. 5) Engage with Linux vendor support channels for guidance on backporting fixes if using long-term support kernels. 6) Consider additional monitoring and alerting on storage subsystem health to detect early signs of resource exhaustion or performance degradation.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-05-01T14:05:17.225Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982cc4522896dcbe4c85
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 1:55:24 AM
Last updated: 8/12/2025, 1:56:00 AM
Views: 10
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.