CVE-2022-49623
📋 TL;DR
CVE-2022-49623 is a memory corruption vulnerability in the Linux kernel's PowerPC XIVE interrupt controller implementation. It allows attackers to cause out-of-bounds memory reads/writes through specially crafted interrupt requests, potentially leading to system crashes or privilege escalation. Systems running affected Linux kernel versions on PowerPC architecture with the XIVE interrupt controller enabled are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation allowing attackers to gain root access and execute arbitrary code.
Likely Case
System crash or kernel panic causing denial of service, requiring physical or remote console access to reboot.
If Mitigated
No impact if patched or if XIVE interrupt controller is not enabled/used.
🎯 Exploit Status
Exploitation requires local access and ability to trigger specific interrupt conditions. The vulnerability is triggered during system initialization when allocating interrupt resources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing the fix commits
Vendor Advisory: https://git.kernel.org/stable/c/10f2cd373e65bcd3be8f3cdc71c330c25763dfd8
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (yum update kernel, apt-get upgrade linux-image, etc.).
3. For custom kernels: Apply patches from kernel.org and rebuild.
🔧 Temporary Workarounds
Disable XIVE interrupt controller
PowerPC systems
Use legacy interrupt controller instead of XIVE if possible
Add 'xive=off' to kernel boot parameters
🧯 If You Can't Patch
- Restrict local user access to prevent potential privilege escalation
- Implement strict process isolation and resource limits
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if running on PowerPC with XIVE: uname -r and check /proc/interrupts for XIVE entries
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is after fix commits and check dmesg for XIVE initialization errors
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of slab-out-of-bounds in xive_spapr_get_ipi
- System crashes during boot
Network Indicators:
- None - local vulnerability
SIEM Query:
search 'kernel panic' OR 'KASAN' OR 'slab-out-of-bounds' AND 'xive'
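The log indicators above, turned into a triage helper, as an added example that is not part of the original advisory: it flags a KASAN slab-out-of-bounds report only when xive_spapr_get_ipi appears in the report header or in the lines that follow it, and it checks a kernel command line for the xive=off workaround. The function names, the 40-line window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# Print the line number of each "KASAN: slab-out-of-bounds" report that names
# xive_spapr_get_ipi in its header or within the next <window> lines.
# The 40-line default window (room for a call trace) is an assumption.
xive_kasan_hits() {   # usage: xive_kasan_hits <logfile> [window]
    awk -v win="${2:-40}" '
        /KASAN: slab-out-of-bounds/ { start = NR; pending = 1 }
        pending && NR - start <= win && /xive_spapr_get_ipi/ {
            print start; pending = 0
        }
        pending && NR - start > win { pending = 0 }
    ' "$1"
}

# Succeed when a kernel command line file (e.g. /proc/cmdline) carries the
# xive=off workaround as a whole token, not as part of another parameter.
xive_off_requested() {   # usage: xive_off_requested <cmdline-file>
    tr ' ' '\n' < "$1" | grep -qx 'xive=off'
}

# Constructed sample log; not captured from a real system.
sample_log() {
    cat <<'EOF'
[    0.000000] constructed sample boot line
[    1.101000] BUG: KASAN: slab-out-of-bounds in xive_spapr_get_ipi+0x0/0x0
[    1.101100] Read of size 8 at addr 0000000000000000 by task swapper/0/1
[    9.500000] BUG: KASAN: slab-out-of-bounds in some_other_driver+0x0/0x0
[    9.500100] Call Trace:
[    9.500200]  some_other_driver+0x0/0x0
[   12.000000] Kernel panic - not syncing: unrelated (constructed)
[   20.000000] BUG: KASAN: slab-out-of-bounds in helper_fn+0x0/0x0
[   20.000100] Call Trace:
[   20.000200]  helper_fn+0x0/0x0
[   20.000300]  xive_spapr_get_ipi+0x0/0x0
EOF
}
```

On a live system, save `dmesg` or `journalctl -k` output to a file and pass it as the first argument; the unrelated report and the unrelated panic in the sample are deliberately not flagged.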