CVE-2022-49074
📋 TL;DR
This CVE describes a bug in the Linux kernel's GICv3 interrupt controller driver where incorrect polling of the GICR_CTLR.RWP bit could cause system instability. The vulnerability affects systems using ARM processors with GICv3 interrupt controllers running vulnerable Linux kernel versions. This is a local vulnerability requiring access to the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash, kernel panic, or denial of service leading to complete system unavailability.
Likely Case
System instability, intermittent crashes, or performance degradation during interrupt handling operations.
If Mitigated
Minimal impact with proper access controls preventing unauthorized local access.
🎯 Exploit Status
Requires local access and knowledge of interrupt controller operations. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix. 2. Reboot the system to load the new kernel. 3. Verify the fix is applied by checking kernel version.
🔧 Temporary Workarounds
Restrict local access
linuxLimit local system access to trusted users only to reduce attack surface
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local access
- Monitor system logs for instability or crash events related to interrupt handling
🔍 How to Verify
Check if Vulnerable:
Check if running an affected Linux kernel version on ARM hardware with GICv3: uname -r and check kernel version against patched releasesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits: git log --oneline | grep -E '0df6664531a1|3c07cc242baf|60e1eb4811f5|6fef3e3179e6|7218a789abb3'📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash dumps
- Interrupt controller error messages in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic or system crash events in system logs🔗 References
- https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9
- https://git.kernel.org/stable/c/3c07cc242baf83f0bddbbd9d7945d0bee56d8b57
- https://git.kernel.org/stable/c/60e1eb4811f53f5f60c788297d978515e7a2637a
- https://git.kernel.org/stable/c/6fef3e3179e6ed8fecdd004ede541674ffa7749d
- https://git.kernel.org/stable/c/7218a789abb3e033f5f3a85636ca50d9ae7b0fc9
- https://git.kernel.org/stable/c/c7daf1b4ad809692d5c26f33c02ed8a031066548
- https://git.kernel.org/stable/c/ff24114bb08d8b90edf2aff0a4fd0689523e6c17
