CVE-2022-49391 – This CVE describes a double-free vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-49391?

CVE-2022-49391 has a CVSS score of 7.8 (HIGH). This CVE describes a double-free vulnerability in the MediaTek SCP (System Control Processor) remoteproc driver in the Linux kernel. If exploited, it could lead to memory corruption, potentially causing kernel crashes or privilege escalation. This affects Linux systems using MediaTek processors with the vulnerable driver.

📋 TL;DR

This CVE describes a double-free vulnerability in the MediaTek SCP (System Control Processor) remoteproc driver in the Linux kernel. If exploited, it could lead to memory corruption, potentially causing kernel crashes or privilege escalation. This affects Linux systems using MediaTek processors with the vulnerable driver.

💻 Affected Systems

Products:

Linux kernel with MediaTek SCP remoteproc driver

Versions: Linux kernel versions before the fix commits adc02700236613b344a947a897fc2741d52a43b9 and eac3e5b1c12f85732e60f5f8b985444d273866bb

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with MediaTek processors that use the SCP remoteproc driver. The driver must be loaded and in use for the vulnerability to be exploitable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or local privilege escalation allowing attackers to gain root access on the system.

🟠

Likely Case

System instability or crashes when the MediaTek SCP driver is loaded and the vulnerable code path is triggered, potentially through normal driver operations.

🟢

If Mitigated

No impact if the vulnerable driver is not loaded or the system is patched.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to exploit.

🏢 Internal Only: MEDIUM - Local users or processes could potentially exploit this to crash systems or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory management. The double-free occurs during driver removal, so exploitation timing is constrained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits adc02700236613b344a947a897fc2741d52a43b9 and eac3e5b1c12f85732e60f5f8b985444d273866bb

Vendor Advisory: https://git.kernel.org/stable/c/adc02700236613b344a947a897fc2741d52a43b9

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager to update kernel package. 3. Rebuild kernel if using custom kernel. 4. No reboot required for kernel module updates, but recommended for stability.

🔧 Temporary Workarounds

Disable MediaTek SCP driver

all

Prevent loading of the vulnerable driver module

echo 'blacklist mtk_scp' >> /etc/modprobe.d/blacklist.conf
rmmod mtk_scp

🧯 If You Can't Patch

Restrict local user access to systems using MediaTek processors
Monitor system logs for kernel panics or unusual driver behavior

🔍 How to Verify

Check if Vulnerable:

Check if mtk_scp module is loaded: lsmod | grep mtk_scp. Check kernel version: uname -r and compare with patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: git log --oneline | grep -E 'adc02700236613b344a947a897fc2741d52a43b9|eac3e5b1c12f85732e60f5f8b985444d273866bb'

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
Oops messages in dmesg
System crashes related to memory corruption

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "double free")

📊 Metadata

CVE ID: CVE-2022-49391

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.04% exploit probability (11.8th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49391, you might also want to check these: