CVE-2022-49359
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's Panfrost GPU driver that allows local attackers to potentially crash the system or execute arbitrary code. It affects systems with ARM Mali GPUs running vulnerable Linux kernel versions. The vulnerability occurs when a GPU job references freed memory after the corresponding GPU context is destroyed.
💻 Affected Systems
- Linux kernel with Panfrost GPU driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if patched or if system doesn't use Panfrost driver.
🎯 Exploit Status
Requires local access and knowledge of GPU driver internals. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 472dd7ea5e19a1aeabf1711ddc756777e05ee7c2, 6e516faf04317db2c46cbec4e3b78b4653a5b109, or 8c8e8cc91a6ffc79865108279a74fd57d9070a17 applied
Vendor Advisory: https://git.kernel.org/stable/c/472dd7ea5e19a1aeabf1711ddc756777e05ee7c2
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Panfrost driver
LinuxPrevent loading of vulnerable Panfrost GPU driver module
echo 'blacklist panfrost' >> /etc/modprobe.d/blacklist-panfrost.conf
rmmod panfrost
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernels
- Implement strict privilege separation and limit GPU access to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Panfrost module is loaded: 'lsmod | grep panfrost' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check git log for fix commits: 'git log --oneline | grep -E "(472dd7ea5e19|6e516faf0431|8c8e8cc91a6f)"'📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to Panfrost driver
- GPU-related crash dumps in system logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panfrost" OR "GPU" OR "use-after-free")