CVE-2022-49177

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Cavium hardware random number generator driver in the Linux kernel. If exploited, it could cause a kernel panic or system crash, affecting systems using Cavium hardware with this driver loaded. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with Cavium hardware random number generator driver
Versions: Linux kernel versions before the fix commits e47b12f9415169eceda6770fcf45802e0c8d2a66 and e6205ad58a7ac194abfb33897585b38687d797fa
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the Cavium hardware random number generator driver (cavium-rng-vf) is loaded, which typically requires Cavium hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to restore functionality.

🟠

Likely Case

Local denial of service through kernel panic when the vulnerable code path is triggered by a privileged user or process.

🟢

If Mitigated

Minimal impact if the Cavium hardware random number generator driver is not loaded or the system is patched.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could cause denial of service, but requires specific hardware and driver configuration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to trigger the vulnerable code path in the kernel driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits e47b12f9415169eceda6770fcf45802e0c8d2a66 and e6205ad58a7ac194abfb33897585b38687d797fa

Vendor Advisory: https://git.kernel.org/stable/c/e47b12f9415169eceda6770fcf45802e0c8d2a66

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify driver is functioning correctly.

🔧 Temporary Workarounds

Unload vulnerable driver

linux

Remove the Cavium hardware random number generator driver if not needed

sudo rmmod cavium-rng-vf

🧯 If You Can't Patch

  • Ensure only trusted users have local access to affected systems
  • Monitor for kernel panic events and investigate any occurrences

🔍 How to Verify

Check if Vulnerable:

Check if the cavium-rng-vf driver is loaded (lsmod lists module names with underscores in place of hyphens): lsmod | grep cavium_rng_vf

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits or verify driver loads without errors in dmesg

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • NULL pointer dereference errors in kernel logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for 'kernel panic' or 'NULL pointer dereference' in system logs from affected hosts
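
The verification and log checks above can be combined into one triage script. This is an added example, not part of the advisory or the kernel project; the function names and the embedded sample data are constructed for illustration, and the sample log wording follows typical kernel oops output.

```shell
#!/bin/sh
# Added example (not from the advisory): triage helpers for CVE-2022-49177.

# Exit 0 if cavium-rng-vf appears in a /proc/modules-style listing.
# The kernel lists module names with underscores, so hyphens are normalised.
driver_loaded() {
    awk '{ gsub(/-/, "_", $1); if ($1 == "cavium_rng_vf") found = 1 }
         END { exit !found }' "${1:-/proc/modules}"
}

# Print how many lines of a saved kernel log match the page's indicators.
count_crash_indicators() {
    grep -Eic 'kernel panic|NULL pointer dereference' "$1" || true
}

# Combine both checks into one status line.
triage() {
    if driver_loaded "$1"; then
        echo "LOADED crash_indicators=$(count_crash_indicators "$2")"
    else
        echo "NOT_LOADED"
    fi
}

# Constructed sample data so the script runs offline.
write_samples() {
    cat > "$1/modules" <<'EOF'
ext4 765952 2 - Live 0x0000000000000000
cavium_rng_vf 16384 0 - Live 0x0000000000000000
EOF
    cat > "$1/modules_clean" <<'EOF'
ext4 765952 2 - Live 0x0000000000000000
EOF
    cat > "$1/kern.log" <<'EOF'
[  12.100000] EXT4-fs (sda1): mounted filesystem
[  98.400000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  98.400100] Kernel panic - not syncing: Oops: Fatal exception
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
triage "$demo_dir/modules" "$demo_dir/kern.log"        # driver present
triage "$demo_dir/modules_clean" "$demo_dir/kern.log"  # driver absent
rm -rf "$demo_dir"
```

On a live host, call `triage /proc/modules <saved kernel log>`; a driver built into the kernel rather than loaded as a module does not appear in `/proc/modules`.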
