CVE-2022-48759
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's rpmsg character device driver. The race condition occurs when the rpmsg_ctrldev structure is freed before its embedded cdev structure is fully released, potentially leading to memory corruption. This affects systems using the rpmsg subsystem, particularly those with specific hardware configurations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise.
Likely Case
System instability, kernel crashes, or denial of service due to memory corruption.
If Mitigated
Limited impact if the vulnerable code path isn't triggered; may result in warning messages in kernel logs.
🎯 Exploit Status
Exploitation requires local access and ability to interact with rpmsg character devices. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1dbb206730f3e5ce90014ad569ddf8167ec4124a, 70cb4295ec806b663665e1d2ed15caab6159880e, 74d85e9fbc7022a4011102c7474a9c7aeb704a35, 85aba11a8ea92a8eef2de95ebbe063086fd62d9c, b7fb2dad571d1e21173c06cef0bced77b323990a
Vendor Advisory: https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable rpmsg subsystem
linuxIf rpmsg functionality is not required, disable it via kernel configuration.
echo "blacklist rpmsg_char" > /etc/modprobe.d/rpmsg-blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict access to /dev/rpmsg* devices using filesystem permissions
- Monitor kernel logs for ODEBUG warnings related to rpmsg_ctrldev
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if rpmsg_char module is loaded: lsmod | grep rpmsg_charCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check if rpmsg_char uses cdev_device_add/del API (requires kernel source inspection)📡 Detection & Monitoring
Log Indicators:
- ODEBUG warnings mentioning rpmsg_ctrldev
- Kernel panic backtraces including rpmsg_ctrldev_release_device
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("rpmsg_ctrldev" OR "ODEBUG" AND "timer_list")🔗 References
- https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
- https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
- https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
- https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
- https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
- https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
- https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
- https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
- https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
- https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
- https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
- https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
- https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
- https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
