CVE-2022-49145
📋 TL;DR
This CVE-2022-49145 is an out-of-bounds memory access vulnerability in the Linux kernel's ACPI CPPC (Collaborative Processor Performance Control) subsystem. When parsing _CPC data, the kernel fails to properly validate the NumEntries field, potentially allowing attackers to read kernel memory beyond allocated bounds. This affects all Linux systems using ACPI CPPC for CPU performance management.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to information leakage, potential privilege escalation if combined with other vulnerabilities, or system crash/instability.
Likely Case
Information disclosure of kernel memory contents, potentially exposing sensitive data or system information to local attackers.
If Mitigated
Minimal impact with proper kernel hardening, SELinux/AppArmor, and restricted user access to /sys and /proc interfaces.
🎯 Exploit Status
Requires local access to trigger the vulnerable code path through ACPI CPPC interfaces. No public exploits known as of knowledge cutoff.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 28d5387c1994f5e1e0d41b30a1f3dd6e1f609252, 40d8abf364bcab23bc715a9221a3c8623956257b, 97b5593fd1b182b3fdb180b6bbe64ec09669988b, b3f15609ffa521de12244cd6af24002030dda3f5, b80b19b32a432c9eee1cd200ef7aaddf608f54d1
Vendor Advisory: https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable ACPI CPPC
linuxDisable the ACPI CPPC subsystem if not needed (may impact CPU power management)
Add 'acpi=no-cpc' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Restrict local user access and implement strict privilege separation
- Enable kernel hardening features like KASLR and restrict /sys and /proc access
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ACPI CPPC is enabled: 'uname -r' and 'dmesg | grep -i cpc'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check for the specific fix commits in kernel source📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages, ACPI-related errors in dmesg or journalctl
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for kernel panic or oops events related to ACPI or CPPC in system logs🔗 References
- https://git.kernel.org/stable/c/28d5387c1994f5e1e0d41b30a1f3dd6e1f609252
- https://git.kernel.org/stable/c/40d8abf364bcab23bc715a9221a3c8623956257b
- https://git.kernel.org/stable/c/97b5593fd1b182b3fdb180b6bbe64ec09669988b
- https://git.kernel.org/stable/c/b3f15609ffa521de12244cd6af24002030dda3f5
- https://git.kernel.org/stable/c/b80b19b32a432c9eee1cd200ef7aaddf608f54d1
- https://git.kernel.org/stable/c/cb249f8c00f40dba83b7da8207ac14ca46e9ec9e
- https://git.kernel.org/stable/c/d208ea44e25b31db5a4d5e8c31df51787a3e9303
- https://git.kernel.org/stable/c/d7339f2a3938fb56b5f28d53f5345900b5fa0e74
- https://git.kernel.org/stable/c/e5b681822cac1f8093759b02e16c06b2c64b6788
