CVE-2022-49478
📋 TL;DR
This CVE-2022-49478 is an array index out-of-bounds vulnerability in the Linux kernel's pvrusb2 media driver. It allows local attackers to potentially cause kernel crashes or execute arbitrary code by exploiting unvalidated array indexing. Systems using affected Linux kernel versions with the pvrusb2 driver loaded are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if the pvrusb2 driver is not loaded or system is patched.
🎯 Exploit Status
Requires local access and knowledge of driver internals. Syzbot found this through fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel versions via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor. 2. Reboot system to load new kernel. 3. Verify pvrusb2 module is not loaded if not needed.
🔧 Temporary Workarounds
Disable pvrusb2 module
LinuxPrevent loading of vulnerable driver if not needed
echo 'blacklist pvrusb2' >> /etc/modprobe.d/blacklist-pvrusb2.conf
rmmod pvrusb2
🧯 If You Can't Patch
- Ensure pvrusb2 kernel module is not loaded (check with lsmod)
- Restrict local user access to systems where this driver might be loaded
🔍 How to Verify
Check if Vulnerable:
Check if pvrusb2 module is loaded: lsmod | grep pvrusb2Check Version:
uname -rVerify Fix Applied:
Check kernel version is patched and pvrusb2 module shows correct version or is not loaded📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to pvrusb2 driver
Network Indicators:
- None - local exploitation only
SIEM Query:
kernel: *pvrusb2* OR kernel: *general protection fault* OR kernel: *oops*🔗 References
- https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827
- https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e
- https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e
- https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a
- https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67
- https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059
- https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9
- https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7
- https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511
