CVE-2022-49072
📋 TL;DR
A race condition vulnerability in the Linux kernel's GPIO subsystem allows uninitialized interrupt request (IRQ) members to be accessed before proper initialization, potentially causing kernel NULL pointer dereferences. This affects systems using GPIO chips with IRQ functionality, particularly those with I2C interfaces accessing GPIO-to-IRQ mappings during device probing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic and system crash due to NULL pointer dereference, leading to denial of service and potential data loss.
Likely Case
System instability or crashes during device initialization, particularly affecting I2C device probing on systems with GPIO IRQ chips.
If Mitigated
Minor system instability during hardware initialization that may cause device failures but not full system crashes.
🎯 Exploit Status
Exploitation requires triggering the race condition during GPIO chip initialization, typically through I2C device probing. This is more likely to occur as a stability issue than a deliberate attack.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 0912cf021fb5749372b3782611d8b1de4986c13a, 2c1fa3614795e2b24da1ba95de0b27b8f6ea4537, 5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320, 7e88a50704b0c49ad3f2d11e8b963341cf68a89f, f8dea54f74cae8c2e4d7b2952e8fed7743a85c87
Vendor Advisory: https://git.kernel.org/stable/c/0912cf021fb5749372b3782611d8b1de4986c13a
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable vulnerable GPIO IRQ functionality
Prevent usage of GPIO chips with IRQ functionality if not required
Modify kernel boot parameters: add 'gpiochip.irq=0' or disable specific GPIO modules in kernel configuration
🧯 If You Can't Patch
- Avoid hot-plugging I2C devices or GPIO chips that might trigger the initialization race condition
- Monitor system logs for kernel NULL pointer dereference errors and restart affected services if crashes occur
🔍 How to Verify
Check if Vulnerable:
Check kernel version and whether it contains the fix commits. Look for kernel logs containing 'gpiochip_to_irq' errors or NULL pointer dereferences during device initialization.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits. Test I2C device probing with GPIO IRQ functionality to ensure no crashes occur.
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference errors
- Call traces containing gpiochip_to_irq
- I2C device probe failures
- GPIO IRQ initialization errors
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "gpiochip_to_irq" OR "i2c_device_probe")
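As an added example (not part of the original advisory), a small Python detector that applies the log indicators above to dmesg-style output: it groups each NULL pointer dereference oops and reports only those whose Call Trace passes through gpiochip_to_irq or i2c_device_probe, so an unrelated oops is not flagged. The log lines are constructed samples, not output from a real system.

```python
import re
from typing import Dict, List, Optional

# Constructed sample kernel log (not captured from a real machine) shaped like
# an oops: a NULL dereference whose Call Trace runs through gpiochip_to_irq
# while an I2C device is being probed.
SAMPLE_DMESG = """\
[   12.301201] i2c i2c-1: new_device: Instantiated device mydev at 0x21
[   12.302044] BUG: kernel NULL pointer dereference, address: 0000000000000018
[   12.302050] Oops: 0000 [#1] SMP
[   12.302061] RIP: 0010:irq_create_fwspec_mapping+0x2c/0x1a0
[   12.302070] Call Trace:
[   12.302075]  gpiochip_to_irq+0x45/0x70
[   12.302080]  gpiod_to_irq+0x30/0x50
[   12.302084]  i2c_device_probe+0x12c/0x2f0
[   12.302090]  really_probe+0xd8/0x3a0
[   12.302095] ---[ end trace 0000000000000000 ]---
[   14.000001] usb 1-1: new high-speed USB device number 2
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
# A stack frame line: "[ ts ]  symbol+0xoff/0xsize"
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(\S+\+0x[0-9a-f]+/0x[0-9a-f]+)")
# Symbols named in the advisory's log indicators.
INDICATORS = ("gpiochip_to_irq", "i2c_device_probe")


def find_gpio_irq_oopses(log: str) -> List[Dict[str, object]]:
    """Return one finding per NULL-deref oops whose frames hit an indicator."""
    findings: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None

    def flush() -> None:
        # Close the current oops and keep it only if an indicator symbol appears.
        if current is not None:
            frames = current["frames"]
            hits = [f for f in frames if any(i in f for i in INDICATORS)]
            if hits:
                findings.append({"start": current["start"], "hits": hits})

    for line in log.splitlines():
        if OOPS_START.search(line):
            flush()
            current = {"start": line.strip(), "frames": []}
        elif current is not None and OOPS_END.search(line):
            flush()
            current = None
        elif current is not None:
            m = FRAME.search(line)
            if m:
                current["frames"].append(m.group(1))
    flush()  # an oops truncated at end of log is still reported
    return findings


if __name__ == "__main__":
    for f in find_gpio_irq_oopses(SAMPLE_DMESG):
        print(f["start"], "->", ", ".join(f["hits"]))
```

Feed it real output with `dmesg | python3 detect.py`-style plumbing by reading sys.stdin instead of SAMPLE_DMESG; the grouping logic is unchanged.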
🔗 References
- https://git.kernel.org/stable/c/0912cf021fb5749372b3782611d8b1de4986c13a
- https://git.kernel.org/stable/c/2c1fa3614795e2b24da1ba95de0b27b8f6ea4537
- https://git.kernel.org/stable/c/5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320
- https://git.kernel.org/stable/c/7e88a50704b0c49ad3f2d11e8b963341cf68a89f
- https://git.kernel.org/stable/c/f8dea54f74cae8c2e4d7b2952e8fed7743a85c87