CVE-2022-48894
📋 TL;DR
A vulnerability in the Linux kernel's ARM SMMUv3 IOMMU driver where improper shutdown handling could cause NULL pointer dereferences. This affects systems using ARM SMMUv3 hardware with Linux kernel versions containing the vulnerable driver code. The issue occurs during system shutdown when IOMMU groups are removed without proper coordination with device drivers.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash or kernel panic during shutdown, potentially causing data corruption or system instability.
Likely Case
System instability or crashes during shutdown procedures, particularly affecting systems with specific hardware configurations using ARM SMMUv3.
If Mitigated
Minor system instability during controlled shutdowns, unlikely to affect normal operation.
🎯 Exploit Status
Exploitation requires triggering system shutdown with specific hardware/driver conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 32ea2c57dc216b6ad8125fa680d31daa5d421c95 and ead3e6c79479890444c777fd329afc125fecde48
Vendor Advisory: https://git.kernel.org/stable/c/32ea2c57dc216b6ad8125fa680d31daa5d421c95
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid system shutdown
linuxMaintain system uptime to avoid triggering the shutdown path
🧯 If You Can't Patch
- Monitor system logs for shutdown-related crashes
- Implement controlled shutdown procedures with proper device driver coordination
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if arm-smmu-v3 driver is loaded: lsmod | grep arm_smmu_v3Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits: uname -r and check git commit history📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages during shutdown
- NULL pointer dereference errors in dmesg
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "arm_smmu_v3" OR "IOMMU")