CVE-2022-49396
📋 TL;DR
This CVE describes a resource leak vulnerability in the Linux kernel's Qualcomm QMP PHY driver where reset controllers aren't properly released during probe errors. This can lead to kernel resource exhaustion over time, potentially causing system instability or denial of service. Systems using affected Qualcomm hardware with the vulnerable driver are affected.
💻 Affected Systems
- Linux kernel with Qualcomm QMP PHY driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could exhaust kernel resources, leading to system crashes, denial of service, or unpredictable system behavior requiring physical intervention.
Likely Case
Gradual resource leakage during device initialization failures, potentially causing system instability or performance degradation over time.
If Mitigated
Minimal impact with proper monitoring and timely patching, though resource exhaustion could still occur under specific conditions.
🎯 Exploit Status
Exploitation requires triggering device probe errors repeatedly, which typically requires physical access or specific hardware conditions. No known active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2156dc390402, 4d2900f20edf, 7ac21b24af85, 8c03eb0c8982, a39d9eccb333
Vendor Advisory: https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Avoid device initialization failures
linuxEnsure stable hardware connections and proper device initialization to minimize probe errors that trigger the vulnerability
🧯 If You Can't Patch
- Monitor system logs for device initialization failures and kernel resource warnings
- Implement system monitoring for memory/resource exhaustion and have reboot procedures ready
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Qualcomm QMP PHY driver is loaded: 'uname -r' and 'lsmod | grep qcom_qmp_phy'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond fix commits and check for absence of resource leak errors in dmesg📡 Detection & Monitoring
Log Indicators:
- Kernel messages about resource allocation failures
- Device probe error messages for Qualcomm PHY devices
- Increasing memory/resource usage without clear cause
SIEM Query:
source="kernel" AND ("qcom_qmp_phy" OR "resource allocation" OR "probe failed")🔗 References
- https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c
- https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1
- https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31
- https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d
- https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f
- https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388
- https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0
- https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517
