CVE-2022-49153 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
wireguard: socket: free skb in send6 when ipv6 is disabled
I got a memory leak report:
unreferenced object 0xffff8881191fc040 (size 232):
  comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [] slab_post_alloc_hook+0x84/0x3b0
    [] kmem_cache_alloc_node+0x167/0x340
    [] __alloc_skb+0x1db/0x200
    [] wg_socket_send_buffer_to_peer+0x3d/0xc0
    [] wg_packet_send_handshake_initiation+0xfa/0x110
    [] wg_packet_handshake_send_worker+0x21/0x30
    [] process_one_work+0x2e8/0x770
    [] worker_thread+0x4a/0x4b0
    [] kthread+0x120/0x160
    [] ret_from_fork+0x1f/0x30
In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_buffer_to_peer(), the semantics of send6() is required to free skb. But when CONFIG_IPV6 is disabled, kfree_skb() is missing. This patch adds it to fix this bug.
Analysis
by VulDB Data Team • 02/26/2025
The vulnerability CVE-2022-49153 represents a memory leak in the Linux kernel's WireGuard implementation that occurs when IPv6 support is disabled. This issue specifically affects the wireguard socket subsystem where kernel memory allocated for socket buffer management is not properly released under certain conditions. The flaw manifests when the kernel attempts to send data through WireGuard sockets and encounters scenarios where IPv6 functionality is not available, leading to unreferenced memory objects that persist in kernel memory space. The vulnerability is classified under CWE-401 as a failure to release memory resources, which directly impacts system stability and resource utilization over time.
The technical root cause of this vulnerability lies in the inconsistent handling of socket buffer management within the WireGuard kernel module. When the kernel function wg_socket_send_buffer_to_peer or wg_socket_send_buffer_as_reply_to_skb is invoked, it expects that the send6() operation will properly handle the cleanup of socket buffers through kfree_skb() calls. However, when CONFIG_IPV6 is disabled in the kernel configuration, this cleanup mechanism fails to execute properly, leaving socket buffers in memory. The backtrace clearly shows the memory allocation path through __alloc_skb and the subsequent call chain that leads to the memory leak, with the kworker thread demonstrating the persistent nature of the unreferenced objects.
The operational impact of this memory leak extends beyond simple resource consumption, as it can lead to gradual system degradation and potential denial of service conditions. As the kernel continues to process WireGuard traffic and encounters disabled IPv6 configurations, the accumulation of unreferenced socket buffers can consume significant amounts of kernel memory over time. This creates a scenario where system performance degrades progressively, and in severe cases, the system may become unresponsive due to memory exhaustion. The vulnerability is particularly concerning in environments where WireGuard is actively used for network communication and IPv6 is disabled for security or compatibility reasons, as the memory leak compounds with increased network activity.
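The ownership contract and the exhaustion effect described above, as an added userspace C model (not the kernel patch or WireGuard source). The fixed-size pool, the helper names and the -EAFNOSUPPORT return value are assumptions of this example; only the "callee must free skb" rule and the 232-byte object size come from the report.

```c
/* Added userspace model, not kernel source. A fixed pool stands in for the
 * skb slab cache; all function names here are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define POOL_SLOTS 64   /* constructed pool size */
struct skb { int in_use; unsigned char data[232]; };  /* 232: size in the report */
static struct skb pool[POOL_SLOTS];

static struct skb *model_alloc_skb(void)
{
	for (int i = 0; i < POOL_SLOTS; i++)
		if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
	return NULL;        /* pool exhausted */
}

static void model_kfree_skb(struct skb *skb) { if (skb) skb->in_use = 0; }

/* Contract from the commit message: send6() must free skb on every path. */
typedef int (*send6_fn)(struct skb *skb);

/* IPv6-disabled path before the fix: returns the error without freeing. */
static int send6_before_fix(struct skb *skb) { (void)skb; return -EAFNOSUPPORT; }

/* IPv6-disabled path after the fix: free first, then return the error. */
static int send6_after_fix(struct skb *skb) { model_kfree_skb(skb); return -EAFNOSUPPORT; }

/* The caller allocates, hands the buffer off and never frees it itself.
 * Returns how many sends ran before allocation failed (sends if it never did). */
static int sends_until_alloc_failure(send6_fn send6, int sends)
{
	for (int i = 0; i < POOL_SLOTS; i++) pool[i].in_use = 0;  /* fresh pool */
	for (int n = 0; n < sends; n++) {
		struct skb *skb = model_alloc_skb();
		if (!skb) return n;
		(void)send6(skb);
	}
	return sends;
}

int main(void)
{
	printf("before fix: allocation fails after %d sends\n", sends_until_alloc_failure(send6_before_fix, 1000));
	printf("after fix:  %d of 1000 sends complete\n", sends_until_alloc_failure(send6_after_fix, 1000));
	return 0;
}
```

Because the caller never frees the buffer, a single return path in the callee that skips the free strands one object per send, which is why the leak scales with handshake and reply traffic.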
Mitigation strategies for CVE-2022-49153 focus on applying the upstream kernel patch that explicitly adds the missing kfree_skb() call when IPv6 support is disabled. System administrators should ensure their kernel versions include this fix, particularly in production environments where WireGuard is deployed. Additionally, monitoring for memory leaks and implementing regular system maintenance routines can help detect and address similar issues before they escalate. The fix aligns with ATT&CK technique T1490 which involves data destruction and resource exhaustion through memory manipulation, and addresses the broader category of kernel-level memory management vulnerabilities that can be exploited to compromise system availability. Organizations should also consider implementing kernel hardening measures and regularly updating their systems to prevent exploitation of such vulnerabilities.