CVE-2022-49029
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's IBM Power Executive (ibmpex) hardware monitoring driver. When ibmpex_register_bmc() fails during sensor registration, the driver fails to properly remove a data structure from an internal list before freeing it, potentially allowing attackers to trigger memory corruption. This affects Linux systems using the ibmpex driver for IBM Power systems hardware monitoring.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to privilege escalation, system crash, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel panic, or denial of service through system crashes.
If Mitigated
Limited impact if exploit attempts fail or system has kernel hardening protections.
🎯 Exploit Status
Requires local access and ability to trigger ibmpex_register_bmc() failure conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 24b9633f7db7f4809be7053df1d2e117e7c2de10, 45f6e81863747c0d7bc6a95ec51129900e71467a, 798198273bf86673b970b51acdb35e57f42b3fcb, 7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3, 90907cd4d11351ff76c9a447bcb5db0e264c47cd
Vendor Advisory: https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits. 2. Check distribution security advisories. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable ibmpex module
linuxPrevent loading of vulnerable driver if not needed
echo 'blacklist ibmpex' >> /etc/modprobe.d/blacklist.conf
rmmod ibmpex
🧯 If You Can't Patch
- Restrict local user access to systems with ibmpex driver loaded
- Implement kernel hardening (KASLR, stack protection) to reduce exploit success
🔍 How to Verify
Check if Vulnerable:
Check if ibmpex module is loaded: lsmod | grep ibmpex. Check kernel version against distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check /proc/version or uname -r against patched versions.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes/panics
- Hardware monitoring errors
Network Indicators:
- None - local vulnerability
SIEM Query:
Search for: 'kernel: Oops' OR 'kernel: BUG' OR 'kernel: general protection fault' on systems with ibmpex driver🔗 References
- https://git.kernel.org/stable/c/24b9633f7db7f4809be7053df1d2e117e7c2de10
- https://git.kernel.org/stable/c/45f6e81863747c0d7bc6a95ec51129900e71467a
- https://git.kernel.org/stable/c/798198273bf86673b970b51acdb35e57f42b3fcb
- https://git.kernel.org/stable/c/7b2b67fe1339389e0bf3c37c7a677a004ac0e4e3
- https://git.kernel.org/stable/c/90907cd4d11351ff76c9a447bcb5db0e264c47cd
- https://git.kernel.org/stable/c/e2a87785aab0dac190ac89be6a9ba955e2c634f2
- https://git.kernel.org/stable/c/e65cfd1f9cd27d9c27ee5cb88128a9f79f25d863
- https://git.kernel.org/stable/c/f2a13196ad41c6c2ab058279dffe6c97292e753a
