CVE-2022-48626

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's moxart MMC host driver. An attacker with local access could potentially exploit this to execute arbitrary code or cause a denial of service. This affects Linux systems using the moxart driver, typically on embedded devices with Moxart SoCs.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with the vulnerable moxart driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the moxart MMC host driver is loaded (typically on embedded devices with Moxart SoCs). Most standard Linux distributions won't have this driver loaded by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠 Likely Case: Kernel panic or system crash causing denial of service.

🟢 If Mitigated: No impact if the vulnerable driver is not loaded or system is patched.

🌐 Internet-Facing: LOW - This requires local access to exploit.
🏢 Internal Only: MEDIUM - Malicious local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 3a0a7ec5574b510b067cfc734b8bdb6564b31d4e, 7f901d53f120d1921f84f7b9b118e87e94b403c5, 9c25d5ff1856b91bd4365e813f566cb59aaa9552, af0e6c49438b1596e4be8a267d218a0c88a42323, bd2db32e7c3e35bd4d9b8bbff689434a50893546

Vendor Advisory: https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the moxart driver is no longer vulnerable.

🔧 Temporary Workarounds

Disable moxart driver (Linux)

Prevent loading of the vulnerable moxart MMC host driver. The driver is built from moxart-mmc.c, so the module is named moxart_mmc:

echo 'blacklist moxart_mmc' > /etc/modprobe.d/blacklist-moxart.conf
rmmod moxart_mmc

🧯 If You Can't Patch

  • Restrict local user access to systems using the moxart driver
  • Implement strict privilege separation and limit user capabilities

🔍 How to Verify

Check if Vulnerable:

Check if moxart driver is loaded: lsmod | grep moxart. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and moxart driver loads without errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes or panics related to moxart driver

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for kernel panic events or failed module loads related to moxart
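
The log search described above, as an added shell example (not part of the original advisory): it counts kernel crash reports whose text names moxart and, separately, moxart lines outside a crash report that mention a failure. The function names, the 40-line report window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage kernel log text for moxart-related crashes.
# Feed it kernel log lines on stdin, e.g. from `dmesg` or `journalctl -k`.

moxart_log_triage() {
    # $1 = max lines treated as one crash report when no end marker appears
    #      (assumed default: 40).
    awk -v window="${1:-40}" '
        { low = tolower($0) }
        # A crash report opens at an Oops / BUG / panic header line.
        !in_report && /Oops|BUG:|Kernel panic/ {
            in_report = 1; hit = 0; left = window
        }
        in_report {
            # Count the report once if any of its lines names the driver
            # (module list, call trace or the header itself).
            if (!hit && low ~ /moxart/) { hit = 1; crashes++ }
            # The report closes at the end-trace marker or after the window.
            if (/---\[ end trace/ || --left <= 0) in_report = 0
            next
        }
        # Outside crash reports: driver lines that mention a failure.
        low ~ /moxart/ && low ~ /fail|error/ { errors++ }
        END { printf "crash_reports=%d driver_errors=%d\n", crashes, errors }
    '
}

# Constructed sample input, not taken from a real system.
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] mmc0: new SD card at address 0001
[  512.300001] Unable to handle kernel paging request at virtual address 6b6b6b6b
[  512.300050] Internal error: Oops: 5 [#1] ARM
[  512.300090] Modules linked in: moxart_mmc(-)
[  512.300200] Call trace:
[  512.300400] ---[ end trace 0000000000000000 ]---
[  900.000001] Internal error: Oops: 5 [#2] ARM
[  900.000050] Modules linked in: ext4
[  900.000400] ---[ end trace 0000000000000000 ]---
[ 1200.100000] moxart_mmc: constructed sample line: probe failed with error -5
EOF
}

sample_kernel_log | moxart_log_triage
```

Only the first Oops in the sample is counted, because the second report's module list does not name the driver.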
