CVE-2022-48791
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's pm8001 SCSI driver allows a local attacker to crash the kernel or potentially execute arbitrary code when Task Management Function (TMF) operations time out. It affects systems using pm8001-based SAS/SATA host bus adapters, and local access is required to trigger it.
💻 Affected Systems
- Linux kernel with pm8001 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution.
Likely Case
System instability, kernel crashes, or denial of service on affected storage systems.
If Mitigated
Limited impact with proper access controls preventing local attackers from triggering the condition.
🎯 Exploit Status
Exploitation requires local access and ability to trigger TMF timeouts on pm8001 devices. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 3c334cdfd94945b8edb94022a0371a8665b17366 and related commits
Vendor Advisory: https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix.
2. Check distribution security advisories for the specific patched versions.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable pm8001 driver
Prevent loading of the vulnerable driver if it is not needed:
echo 'blacklist pm8001' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local access to systems with pm8001 adapters
- Monitor for kernel panics or system instability related to storage operations
🔍 How to Verify
Check if Vulnerable:
Check whether the pm8001 module is loaded (lsmod | grep pm8001) and compare the running kernel version against the patched versions published by your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits or is newer than the distribution's patched version.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages in dmesg
- Storage-related crash reports
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND "pm8001"
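As an added example (not part of this advisory or of the kernel tree), the following POSIX shell helpers cover the "How to Verify" and "Detection & Monitoring" steps above: one reads lsmod output and reports whether the driver module is loaded, the other filters kernel log text for the indicators listed (a pm8001 reference together with panic, Oops or use-after-free). The lsmod and dmesg samples are constructed for the stand-alone run, not captured reports.

```shell
#!/bin/sh
# Added example, not from the advisory or the kernel tree.
# Assumed inputs: `lsmod` output on stdin for pm8001_module_state,
# kernel log text (e.g. from `dmesg`) on stdin for pm8001_log_indicators.

# Print "loaded" if the pm8001 driver module is loaded, else "not-loaded".
# Matches both the historical module name pm8001 and the current pm80xx.
pm8001_module_state() {
    if grep -qE '^pm80(01|xx)[[:space:]]'; then
        echo loaded
    else
        echo not-loaded
    fi
}

# Print kernel log lines carrying the indicators listed above: a pm8001
# reference together with a panic, Oops or use-after-free report.
# Exit status is 1 when nothing matched (grep semantics), so the function
# can be used directly as an `if` condition.
pm8001_log_indicators() {
    grep -i 'pm8001' | grep -iE 'panic|oops|use-after-free'
}

# Constructed sample inputs for a stand-alone run; the KASAN line is
# invented to show the shape of a hit and is not a captured report.
SAMPLE_LSMOD='Module                  Size  Used by
pm80xx                102400  0
libsas                 98304  1 pm80xx'

SAMPLE_DMESG='[   12.345678] pm80xx 0000:03:00.0: pm8001_setup_irq: IRQ setup ok
[  812.001122] BUG: KASAN: use-after-free in pm8001_exec_internal_tmf_task
[  812.001199] Read of size 8 at addr ffff888012345678 by task kworker/u8:1
[  900.000000] usb 1-1: new high-speed USB device number 2'

printf 'driver module: %s\n' "$(printf '%s\n' "$SAMPLE_LSMOD" | pm8001_module_state)"
if hits=$(printf '%s\n' "$SAMPLE_DMESG" | pm8001_log_indicators); then
    printf 'indicators found:\n%s\n' "$hits"
else
    echo 'no pm8001 crash indicators in log'
fi
```

On current kernels the pm8001 driver is built as the pm80xx module, so a plain lsmod | grep pm8001 (or a blacklist pm8001 line) may not match; check for pm80xx as well. A driver compiled into the kernel does not appear in lsmod at all, so confirm the kernel configuration in that case.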
🔗 References
- https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366
- https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61
- https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018
- https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819