Login Sign Up

CVE-2022-1734

7.0 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's NFC Marvell driver allows attackers to potentially execute arbitrary code or cause denial of service. This affects Linux systems with the nfcmrvl driver loaded, typically on devices with Marvell NFC hardware. The vulnerability occurs due to improper synchronization between cleanup and firmware download routines.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Versions before commit d270453a0d9ec10bb8a802a142fb1b3601a83098 (June 2022)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if nfcmrvl NFC driver is loaded and Marvell NFC hardware is present. Most servers and desktops are not affected.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

H300e Firmware by Netapp

View all CVEs affecting H300e Firmware →

H300s Firmware by Netapp

View all CVEs affecting H300s Firmware →

H410c Firmware by Netapp

View all CVEs affecting H410c Firmware →

H410s Firmware by Netapp

View all CVEs affecting H410s Firmware →

H500e Firmware by Netapp

View all CVEs affecting H500e Firmware →

H500s Firmware by Netapp

View all CVEs affecting H500s Firmware →

H700e Firmware by Netapp

View all CVEs affecting H700e Firmware →

H700s Firmware by Netapp

View all CVEs affecting H700s Firmware →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

Limited impact if driver not loaded or access restricted to privileged users only.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of driver internals. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit d270453a0d9ec10bb8a802a142fb1b3601a83098 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commit d270453a0d9ec10bb8a802a142fb1b3601a83098. 2. Check distribution-specific advisories for patched kernel packages. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable nfcmrvl driver

linux

Prevent loading of vulnerable NFC driver module

echo 'blacklist nfcmrvl' >> /etc/modprobe.d/blacklist-nfcmrvl.conf
rmmod nfcmrvl

🧯 If You Can't Patch

  • Restrict physical and local user access to systems with vulnerable driver loaded
  • Implement strict privilege separation and limit users who can access NFC functionality

🔍 How to Verify

Check if Vulnerable:

Check if nfcmrvl module is loaded: lsmod | grep nfcmrvl AND check kernel version is before fix commit

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes commit d270453a0d9ec10bb8a802a142fb1b3601a83098: git log --oneline | grep d270453a0d9ec10bb8a802a142fb1b3601a83098

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes/panics related to nfcmrvl driver

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("nfcmrvl" OR "use-after-free" OR "general protection fault")

📊 Metadata

CVE ID: CVE-2022-1734
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: May 18, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1734, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)