CVE-2022-49285
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's MMA8452 accelerometer driver allows local attackers to cause a kernel panic (denial of service). This affects systems with MMA8452 accelerometer hardware running vulnerable kernel versions.
💻 Affected Systems
- Linux kernel with MMA8452 accelerometer driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel panic when accessing accelerometer scale information.
If Mitigated
Minimal impact with proper access controls preventing local users from triggering the vulnerable code path.
🎯 Exploit Status
Exploitation requires local access to trigger the NULL pointer dereference through the vulnerable driver code path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 4c0bb583a4444cce224e8661090cbffc98e2fe07, c87b7b12f48db86ac9909894f4dc0107d7df6375, d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf
Vendor Advisory: https://git.kernel.org/stable/c/4c0bb583a4444cce224e8661090cbffc98e2fe07
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version and that MMA8452 driver is functioning.
🔧 Temporary Workarounds
Disable MMA8452 driver
linuxPrevent loading of the vulnerable MMA8452 accelerometer driver
echo 'blacklist mma8452' >> /etc/modprobe.d/blacklist.conf
rmmod mma8452
Restrict sysfs access
linuxLimit access to the vulnerable sysfs interface
chmod 600 /sys/bus/iio/devices/*/in_accel_scale
chown root:root /sys/bus/iio/devices/*/in_accel_scale
🧯 If You Can't Patch
- Restrict local user access to systems with MMA8452 hardware
- Implement monitoring for kernel panic events and investigate triggers
🔍 How to Verify
Check if Vulnerable:
Check if MMA8452 driver is loaded: lsmod | grep mma8452. Check kernel version against affected range.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test reading accelerometer scale: cat /sys/bus/iio/devices/*/in_accel_scale should not crash.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors in kernel logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND process="mma8452"