CVE-2022-49508
📋 TL;DR
This CVE describes a double-free vulnerability in the Linux kernel's HID driver for Elan touchpads. When the elan_input_configured function incorrectly calls input_free_device() on a managed resource, it can cause memory corruption leading to kernel crashes or potential privilege escalation. This affects Linux systems with Elan touchpad hardware.
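As an added illustration, not code from the kernel or from this advisory: a stand-alone C model of the device-managed (devm) ownership pattern behind this bug. `pool_alloc`, `pool_free`, `devres_release_all`, `elan_input_configured_model` and `run_cycle` are constructed stand-ins, and the example assumes the fix consists of dropping the driver's explicit free so the managed object is released only once, by devres, at unbind.

```c
#include <stddef.h>
#define POOL_SIZE 32
/* Static pool standing in for the kernel allocator. A per-object freed flag
 * lets a second free be reported instead of silently corrupting a heap. */
struct input_dev { int in_use; int freed; };
static struct input_dev pool[POOL_SIZE];
static struct input_dev *pool_alloc(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
/* Returns 1 if the object was already freed (double free), 0 otherwise. */
static int pool_free(struct input_dev *p) {
    if (p->freed) return 1;
    p->freed = 1;
    return 0;
}
/* Stand-in for struct device and its devres list of managed allocations. */
struct device { struct input_dev *devres[8]; int ndevres; };
/* Model of devm_input_allocate_device(): ownership goes to the devres list. */
static struct input_dev *devm_input_allocate_device(struct device *dev) {
    struct input_dev *in = pool_alloc();
    if (in && dev->ndevres < 8) dev->devres[dev->ndevres++] = in;
    return in;
}
/* Model of devres release at unbind: frees each managed allocation once and
 * returns how many of them had already been freed by the driver. */
static int devres_release_all(struct device *dev) {
    int double_frees = 0;
    for (int i = 0; i < dev->ndevres; i++)
        double_frees += pool_free(dev->devres[i]);
    dev->ndevres = 0;
    return double_frees;
}
/* The configure step. register_fails forces the error path; fixed selects
 * the corrected handling, which leaves the managed device to devres. */
static int elan_input_configured_model(struct device *dev, int fixed, int register_fails) {
    struct input_dev *in = devm_input_allocate_device(dev);
    if (!in) return -1;
    if (!register_fails) return 0;
    if (!fixed) pool_free(in); /* pre-fix bug: explicit free of a devm object */
    return -1;
}
/* One configure + unbind cycle; returns the number of double frees observed. */
int run_cycle(int fixed, int register_fails) {
    struct device dev = { { NULL }, 0 };
    elan_input_configured_model(&dev, fixed, register_fails);
    return devres_release_all(&dev);
}
```

Only the pre-fix path with a failing registration produces a double free; the success path and the fixed error path both release the object exactly once.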
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel mode if an attacker can trigger the double-free and control memory allocation patterns.
Likely Case
System instability, kernel crashes, or denial of service when the vulnerable code path is triggered during device configuration.
If Mitigated
No impact if patched; unpatched systems may experience occasional crashes during touchpad initialization.
🎯 Exploit Status
Exploitation requires triggering the specific code path during device initialization. No known public exploits exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel builds containing fix commit 1af20714fedad238362571620be0bd690ded05b6 or one of its stable backports (see References)
Vendor Advisory: https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after the reboot.
🔧 Temporary Workarounds
Disable Elan touchpad driver
Platform: linux
Prevent loading of the vulnerable Elan HID driver module
echo 'blacklist hid-elan' >> /etc/modprobe.d/blacklist-elan.conf
update-initramfs -u
reboot
update-initramfs is the Debian/Ubuntu tool; distributions that use dracut regenerate the initramfs with dracut -f instead. After the reboot, confirm the module is absent with lsmod | grep hid_elan.
🧯 If You Can't Patch
- Restrict physical access to prevent local users from triggering device reconfiguration
- Monitor system logs for kernel panics or oops messages related to HID or input subsystems
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version and whether the Elan touchpad driver is loaded: 'uname -r' and 'lsmod | grep hid_elan'
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version is at or above your distribution's patched version, and check dmesg for successful Elan driver initialization without errors
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes during boot or device initialization
- dmesg errors mentioning 'hid-elan' or 'input' subsystem
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("hid-elan" OR "double free" OR "kernel panic")
🔗 References
- https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6
- https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47
- https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38
- https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3
- https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd
- https://git.kernel.org/stable/c/c92ec22a991778a096342cf1a917ae36c5c86a90
- https://git.kernel.org/stable/c/f1d4f19a796551edc6679a681ea1756b8c578c08