CVE-2022-49273
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's PL031 RTC driver allows local attackers to cause a kernel panic (system crash) when the alarm feature is disabled due to missing interrupt lines. This affects systems using ARM PrimeCell PL031 Real Time Clock hardware without proper interrupt configuration. Only local users with access to the RTC device can trigger this vulnerability.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing complete system crash/kernel panic, requiring physical or remote console access to reboot.
Likely Case
System crash requiring reboot when a local user or process attempts to access RTC alarm functionality on affected hardware.
If Mitigated
No impact if systems are patched or don't use PL031 RTC hardware without interrupts.
🎯 Exploit Status
Exploitation requires local access and specific hardware configuration. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1b915703964f7e636961df04c540261dc55c6c70, cd2722e411e8ab7e5ae41102f6925fa13dffdac5, d274ce4a3dfd0b9a292667535578359b865765cb, ea6af39f3da50c86367a71eb3cc674ade3ed244c
Vendor Advisory: https://git.kernel.org/stable/c/1b915703964f7e636961df04c540261dc55c6c70
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable PL031 RTC module
linuxPrevent loading of the vulnerable driver if not needed
echo 'blacklist rtc-pl031' >> /etc/modprobe.d/blacklist.conf
rmmod rtc-pl031
Restrict RTC device access
linuxLimit which users can access the RTC device
chmod 600 /dev/rtc0
setfacl -m u:root:rw /dev/rtc0
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable hardware configuration
- Implement monitoring for kernel panic/crash events and rapid recovery procedures
🔍 How to Verify
Check if Vulnerable:
Check if system uses PL031 RTC: 'dmesg | grep -i pl031' and check kernel version against patched releasesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: 'uname -r' and check with distribution vendor📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference in kernel logs
- RTC-related crash reports
Network Indicators:
- None - local only vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "PL031")