CVE-2022-49502
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's RGA (Raster Graphic Acceleration) driver. When the rga_probe function fails during device initialization, it doesn't properly free allocated memory for the m2m_dev structure. This affects Linux systems using the RGA driver, potentially leading to resource exhaustion over time.
💻 Affected Systems
- Linux kernel with RGA driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or kernel panic.
Likely Case
Memory leak during device initialization failures, gradually consuming kernel memory until system becomes unstable or requires reboot.
If Mitigated
Minimal impact with proper monitoring and regular reboots; memory leak only occurs during specific initialization failures.
🎯 Exploit Status
Requires ability to trigger rga_probe failure; typically requires local access and kernel module loading privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/1cdc768468c25d6b10ab83ec1efd4a8554532d69
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify RGA driver is not leaking memory.
🔧 Temporary Workarounds
Disable RGA driver
linuxPrevent loading of vulnerable RGA kernel module
echo 'blacklist rga' >> /etc/modprobe.d/blacklist.conf
rmmod rga
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if RGA module is loaded: 'uname -r' and 'lsmod | grep rga'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and monitor for memory leaks after RGA operations📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Out of memory errors in dmesg
- Failed module initialization logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "kernel panic" OR "rga")🔗 References
- https://git.kernel.org/stable/c/1cdc768468c25d6b10ab83ec1efd4a8554532d69
- https://git.kernel.org/stable/c/8ddc89437ccefa18279918c19a61fd81527f40b9
- https://git.kernel.org/stable/c/a71eb6025305192e646040cd76ccacb5bd48a1b5
- https://git.kernel.org/stable/c/b7bbca4d08471bc8404a946bab1aa017dd05199b
- https://git.kernel.org/stable/c/eeb4819e94aa69767b9e5591e70c63e8b7c5786a
