CVE-2022-3532 is a memory leak reported in the Linux kernel's BPF component, in the test_map_kptr_success/test_fentry code path. According to the report, the function uses the value it is handed without validating it first, so a caller can supply an unexpected value and trigger the leak. The impact is resource exhaustion: leaked allocations accumulate until the host runs short of memory, which is a denial-of-service condition, not a code-execution one. Note where the affected code sits: test_map_kptr_success and test_fentry belong to the kernel's BPF selftest suite (tools/testing/selftests/bpf), so a host is only exposed if that test code is built and run on it, which production systems normally do not do. The fix is to run a kernel that includes the patch. Take the fixed kernel package from your distribution rather than reasoning from an upstream version number; Red Hat tracks this CVE for Red Hat Enterprise Linux, and its tracking entry lists the affected and fixed kernel packages.

Remote Code Execution (RCE)

Remote Code Execution (RCE) is a class of vulnerability in which an attacker runs code of their choosing on a target system over the network, usually by sending crafted input or commands to a vulnerable service. Some RCE bugs require user interaction (opening a file, visiting a page); many do not, and those are the most severe. A memory leak such as the one described here is not an RCE primitive: its direct effect is memory exhaustion, and nothing in the report shows a path from the leak to code execution, so it should be rated and triaged as a denial-of-service issue.

How to check if my Linux OS is vulnerable?

The version number alone does not settle it. Distributions such as Red Hat backport fixes into older kernel series without changing the upstream version, so a kernel that looks old may already contain the fix, while a self-built kernel that looks new may not. Check your distribution's advisory for CVE-2022-3532, compare it against the installed kernel package, and upgrade the kernel if the package predates the fix. A kernel built without BPF support (CONFIG_BPF and CONFIG_BPF_SYSCALL disabled) is not exposed regardless of version, because the affected code cannot be reached.

How to Upgrade Linux Kernel?

The first step is to install an updated kernel. The procedure is short but differs by distribution, and a reboot is always required because the running kernel cannot be replaced in place: booting into the new kernel is what actually closes the issue.
For example, on Red Hat Enterprise Linux update the kernel package with yum (RHEL 7) or dnf (RHEL 8 and later), such as yum update kernel, then reboot and confirm with uname -r that the new kernel is running. Do this in a maintenance window, since the reboot interrupts every workload on the host.
CentOS and Oracle Linux use the same package tooling, so the same update-and-reboot procedure applies. On Oracle Linux, the Unbreakable Enterprise Kernel (UEK) is packaged separately from the Red Hat-compatible kernel, so update the kernel variant the machine actually boots.

How to check if kernel is vulnerable?

Neither the kernel headers nor the build configuration contain CVE identifiers, so grepping for CVE-2022-3532 in /usr/src/linux/.config or in the header files tells you nothing. Two checks are meaningful: whether BPF is compiled into the running kernel, and whether the installed kernel package already carries the fix. On RPM-based distributions the package changelog lists the CVEs each build fixes, which also catches backports that a version comparison would miss.

# grep -E '^CONFIG_BPF(_SYSCALL)?=' /boot/config-$(uname -r)
# rpm -q --changelog kernel | grep CVE-2022-3532
If the first command shows CONFIG_BPF=y and CONFIG_BPF_SYSCALL=y, BPF is enabled and the issue can apply. If the second command prints a changelog entry naming CVE-2022-3532, the installed kernel package includes the fix; no output means the fix is not yet installed, or the kernel package has a different name (for example kernel-uek on Oracle Linux UEK).
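The checks above combined into a small script, as an added example that is not part of the original advisory or of any distribution tooling. It assumes an RPM-based distribution for the live run, and the fixed kernel version (FIXED_KVER) is a placeholder you must take from your vendor's advisory; the sample config and changelog text are constructed here so the functions can be exercised offline.

```sh
#!/bin/sh
# Added example, not from the advisory. FIXED_KVER is a placeholder: supply the
# version from your distribution's advisory for CVE-2022-3532.

# kver_ge A B: exit 0 if kernel version A is at least B. The distro suffix
# ("-284.el9.x86_64") is stripped first; sort -V gives numeric ordering, so
# 5.19.10 ranks above 5.19.9 where a plain string compare would get it wrong.
kver_ge() {
    a=${1%%-*}
    b=${2%%-*}
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$b" ]
}

# bpf_enabled FILE: exit 0 if the kernel config FILE builds the BPF core and
# the bpf() syscall. Without CONFIG_BPF_SYSCALL user space cannot load BPF
# programs at all, so the affected code is unreachable.
bpf_enabled() {
    grep -qx 'CONFIG_BPF=y' "$1" && grep -qx 'CONFIG_BPF_SYSCALL=y' "$1"
}

# changelog_has_cve CVE-ID: read an RPM changelog on stdin and exit 0 if it
# names the CVE. RHEL-family kernel packages record fixed CVEs there, which is
# how a backported fix is recognised when the version number looks "old".
changelog_has_cve() {
    grep -qF -- "$1"
}

# assess RUNNING_KVER CONFIG_FILE CHANGELOG_FILE FIXED_KVER: print one verdict.
# Order matters: a kernel without BPF is not exposed whatever its version, and
# a backported fix counts even when the version is below FIXED_KVER.
assess() {
    if ! bpf_enabled "$2"; then
        echo "not-exposed:bpf-disabled"
    elif changelog_has_cve CVE-2022-3532 < "$3"; then
        echo "fixed:changelog"
    elif kver_ge "$1" "$4"; then
        echo "fixed:version"
    else
        echo "exposed"
    fi
}

# Constructed sample inputs for offline use; not captured from a real host.
sample_config() {
    cat <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_PRELOAD is not set
EOF
}
sample_config_nobpf() {
    cat <<'EOF'
# CONFIG_BPF is not set
CONFIG_NET=y
EOF
}
sample_changelog() {
    cat <<'EOF'
* Tue Nov 01 2022 Example Maintainer <maint@example.invalid> [5.14.0-200.el9]
- selftests/bpf: fix memory leak in map_kptr test (CVE-2022-3532)
- net: unrelated change
EOF
}

# Live check against this host. Run as: RUN_LIVE=1 FIXED_KVER=<from advisory> sh check.sh
run_live() {
    : "${FIXED_KVER:?set FIXED_KVER from your vendor advisory}"
    running=$(uname -r)
    cfg=/boot/config-$running
    log=$(mktemp)
    rpm -q --changelog kernel > "$log" 2>/dev/null || :
    echo "kernel $running: $(assess "$running" "$cfg" "$log" "$FIXED_KVER")"
    rm -f "$log"
}
if [ "${RUN_LIVE:-0}" = 1 ]; then run_live; fi
```

The verdict order is the point of the script: a host with BPF compiled out is reported as not exposed before any version is compared, and a changelog hit wins over the version check so that a distribution backport is not misreported as vulnerable.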

Timeline

Published on: 10/17/2022 09:15:00 UTC
Last modified on: 10/19/2022 05:07:00 UTC

References