CVE-2022-49196

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's powerpc/pseries subsystem that allows local attackers to cause a kernel crash (denial of service) or potentially execute arbitrary code with kernel privileges. It affects Linux systems running on IBM PowerPC pSeries hardware with dynamic logical partitioning (DLPAR) enabled. The vulnerability occurs when removing PCI host bridges dynamically.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions running on IBM PowerPC pSeries hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with PowerPC pSeries architecture and DLPAR functionality enabled. Requires local access to trigger via DLPAR operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, with potential for privilege escalation to kernel-level code execution.

🟠 Likely Case

Kernel crash/panic when removing PCI host bridges via DLPAR operations, causing system instability and downtime.

🟢 If Mitigated

No impact if DLPAR operations are not performed or the system is patched.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Local users or administrators performing DLPAR operations could trigger the crash.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to perform DLPAR operations. Triggered by removing PCI host bridges dynamically.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 33d39efb61a84e055ca2386157d39ebbdf6b7d31, 403f9e0bc5535a0a5184d1352fa3a70e6ffacb6f, 895ca4ae1f72e0a0160ab162723e59c9f265ec93, fe2640bd7a62f1f7c3f55fbda31084085075bc30

Vendor Advisory: https://git.kernel.org/stable/c/33d39efb61a84e055ca2386157d39ebbdf6b7d31

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable DLPAR operations

PowerPC pSeries

Prevent dynamic logical partitioning operations that trigger the vulnerability

echo 0 > /proc/powerpc/dynamic_logical_partitioning

🧯 If You Can't Patch

  • Restrict local user access to prevent DLPAR operations
  • Avoid performing dynamic PCI host bridge removal operations

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the system is running on PowerPC pSeries hardware (the command reports the kernel and CPU only; it does not show whether DLPAR is in use):

uname -a && grep -i power /proc/cpuinfo

Check Version:

uname -r

Verify Fix Applied:

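Confirm that the running kernel includes one of the fix commits (33d39efb61a84e055ca2386157d39ebbdf6b7d31, 403f9e0bc5535a0a5184d1352fa3a70e6ffacb6f, 895ca4ae1f72e0a0160ab162723e59c9f265ec93, fe2640bd7a62f1f7c3f55fbda31084085075bc30). /proc/version and uname -r report only the release and build string, not commit IDs, so searching them for these hashes never matches. Match the release shown by uname -r against your distribution's kernel changelog or security advisory for CVE-2022-49196.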

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • SLB Access exceptions
  • release_resource crashes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search 'kernel panic' OR 'SLB Access' OR 'release_resource' in system logs
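
An added example (not part of the original advisory): a shell triage that applies the three log indicators above to a saved kernel log and ranks the result, so that a generic panic on a non-pSeries host is not reported with the same weight as the two specific strings appearing together. The function names, verdict labels, ranking and sample inputs are assumptions constructed for illustration.

```shell
# Added example, not from the advisory: triage a saved kernel log with the
# indicator strings listed above. Function names and verdict labels are hypothetical.

# True if the cpuinfo text names the pSeries platform ("platform : pSeries").
is_pseries() {
    grep -Eq '^platform[[:space:]]*:[[:space:]]*pSeries' "$1"
}

# True if the log file ($2) contains the indicator string ($1), ignoring case.
has_indicator() {
    grep -qiF -- "$1" "$2"
}

# triage CPUINFO_FILE LOG_FILE -> prints one verdict:
#   not-applicable  host is not pSeries, so the advisory does not apply
#   strong          both specific strings (release_resource, SLB Access) appear
#   weak            only one indicator, or only a generic kernel panic
#   none            no indicator in the log
triage() {
    cpuinfo=$1 log=$2
    if ! is_pseries "$cpuinfo"; then
        echo not-applicable
    elif has_indicator 'release_resource' "$log" && has_indicator 'SLB Access' "$log"; then
        echo strong
    elif has_indicator 'release_resource' "$log" || has_indicator 'SLB Access' "$log" \
        || has_indicator 'kernel panic' "$log"; then
        echo weak
    else
        echo none
    fi
}

# Constructed sample inputs (not captured from a real system).
make_samples() {
    dir=$1
    printf 'cpu\t\t: POWER9 (architected)\nplatform\t: pSeries\n' > "$dir/cpuinfo.pseries"
    printf 'model name\t: Example x86 CPU\n' > "$dir/cpuinfo.other"
    printf '%s\n' '[  100.1] SLB Access exception (constructed line)' \
        '[  100.2] NIP: release_resource (constructed line)' \
        '[  100.3] Kernel panic - not syncing: Fatal exception' > "$dir/log.crash"
    printf '%s\n' '[  200.1] Kernel panic - not syncing: Out of memory' > "$dir/log.generic"
    printf '%s\n' '[  300.1] eth0: link up' > "$dir/log.clean"
}
samples=$(mktemp -d)
make_samples "$samples"
triage "$samples/cpuinfo.pseries" "$samples/log.crash"     # strong
triage "$samples/cpuinfo.pseries" "$samples/log.generic"   # weak
triage "$samples/cpuinfo.other"   "$samples/log.crash"     # not-applicable
rm -rf "$samples"
```

On a live host, pass /proc/cpuinfo and a saved copy of the dmesg output or /var/log/messages as the two arguments.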
