CVE-2022-49524
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's cx23885 media driver. When the driver fails to set the DMA mask during device initialization, it does not clean up the I2C resources it has already allocated, leading to memory corruption. This affects Linux systems using cx23885-based TV tuner/capture cards.
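The error-path pattern described above, as an added userspace model (not the driver's code; every function, struct and variable name is hypothetical). It shows why freeing the device without first undoing the earlier registration leaves a stale reference, and how unwinding in reverse order removes it:

```c
/* Userspace model of the probe error path; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct adapter { int id; };               /* stands in for an I2C adapter      */
struct device  { struct adapter i2c; };   /* adapter is embedded in the device */

#define MAX_ADAPTERS 4
static struct adapter *registry[MAX_ADAPTERS]; /* models the bus-wide adapter list */
static int registered;

static void adapter_register(struct adapter *a) { registry[registered++] = a; }

static void adapter_unregister(struct adapter *a)
{
    for (int i = 0; i < registered; i++) {
        if (registry[i] == a) {
            registry[i] = registry[--registered];
            registry[registered] = NULL;
            return;
        }
    }
}

/* Probe whose DMA-mask step fails; 'unwind' selects the fixed error path. */
int probe_with_dma_failure(int unwind)
{
    struct device *dev = calloc(1, sizeof(*dev));
    if (!dev)
        return -ENOMEM;
    adapter_register(&dev->i2c);        /* earlier init step succeeded */
    if (unwind)
        adapter_unregister(&dev->i2c);  /* fixed: undo the earlier step first */
    free(dev);                          /* buggy path: registry still points here */
    return -EIO;                        /* modelled DMA-mask failure */
}

/* Returns how many registry entries still reference the freed device. */
int stale_entries_after_failed_probe(int unwind)
{
    registered = 0;                     /* fresh registry for each run */
    memset(registry, 0, sizeof(registry));
    probe_with_dma_failure(unwind);
    return registered;
}

int main(void)
{
    printf("buggy error path: %d stale adapter(s)\n", stale_entries_after_failed_probe(0));
    printf("fixed error path: %d stale adapter(s)\n", stale_entries_after_failed_probe(1));
    return 0;
}
```
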
💻 Affected Systems
- Linux kernel with cx23885 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation to kernel mode execution
Likely Case
System instability, crashes, or denial of service when loading/unloading the cx23885 driver
If Mitigated
Driver fails to load cleanly but system remains stable
🎯 Exploit Status
Requires ability to load/unload kernel modules (typically requires root or CAP_SYS_MODULE)
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel containing commit 453514a874c78df1e7804e6e3aaa60c8d8deb6a8 or later
Vendor Advisory: https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commit.
2. Reboot system.
3. Verify kernel version and that cx23885 module loads without errors.
🔧 Temporary Workarounds
Blacklist cx23885 module
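Linux: Prevent loading of the vulnerable driver module. A blacklist entry only stops automatic (alias-based) loading; an explicit modprobe cx23885 by a privileged user still loads the module.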
echo 'blacklist cx23885' >> /etc/modprobe.d/blacklist-cx23885.conf
rmmod cx23885 2>/dev/null || true
🧯 If You Can't Patch
- Restrict module loading to trusted users only (remove CAP_SYS_MODULE from untrusted users)
- Monitor for cx23885 module loading/unloading events in system logs
🔍 How to Verify
Check if Vulnerable:
Check if cx23885 module is loaded: lsmod | grep cx23885. Check kernel version against distribution's security advisories.
Check Version:
uname -r
Verify Fix Applied:
Check that the kernel version includes the fix commit. Test loading the cx23885 module: modprobe cx23885 (should succeed without KASAN errors).
📡 Detection & Monitoring
Log Indicators:
- KASAN use-after-free reports in dmesg
- Kernel oops or panic messages related to cx23885
- Failed dma_set_mask() calls in kernel logs
SIEM Query:
source="kernel" AND ("cx23885" OR "use-after-free" OR "KASAN")
🔗 References
- https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
- https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db
- https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0
- https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332
- https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3
- https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493
- https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b
- https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba