CVE-2022-49645 – A double-free vulnerability in the Linux kernel... (How to Fix)

Q: What is the severity of CVE-2022-49645?

CVE-2022-49645 has a CVSS score of 7.8 (HIGH). A double-free vulnerability in the Linux kernel's Panfrost DRM driver allows local attackers to corrupt memory shrinker lists by calling the madvise IOCTL twice on buffer objects. This can cause kernel crashes and potential privilege escalation. Affects systems using Linux kernels with Panfrost GPU driver support.

📋 TL;DR

A double-free vulnerability in the Linux kernel's Panfrost DRM driver allows local attackers to corrupt memory shrinker lists by calling the madvise IOCTL twice on buffer objects. This can cause kernel crashes and potential privilege escalation. Affects systems using Linux kernels with Panfrost GPU driver support.

💻 Affected Systems

Products:

Linux kernel with Panfrost DRM driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using Panfrost GPU driver for ARM Mali GPUs. Requires local access to trigger the vulnerability.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, potential privilege escalation if combined with other vulnerabilities, or system instability requiring reboot.

🟠

Likely Case

Kernel crash causing system instability or denial of service, requiring system reboot to restore functionality.

🟢

If Mitigated

Minimal impact if proper access controls prevent unprivileged users from accessing the vulnerable IOCTL interface.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local users or processes with appropriate permissions can trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of the vulnerable IOCTL interface. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing the fix commits (0581613df7f9a4c5fac096ce1d5fb15b7b994240 and related)

Vendor Advisory: https://git.kernel.org/stable/c/0581613df7f9a4c5fac096ce1d5fb15b7b994240

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager to update kernel package. 3. Rebuild kernel if using custom kernel. 4. No reboot required for kernel module updates, but recommended for stability.

🔧 Temporary Workarounds

Restrict madvise IOCTL access

Linux

Use kernel module blacklisting or access controls to restrict unprivileged access to the vulnerable IOCTL interface

echo 'blacklist panfrost' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

Restrict local user access to systems with vulnerable kernels
Implement strict privilege separation to limit who can access GPU-related system calls

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if Panfrost module is loaded: 'uname -r' and 'lsmod | grep panfrost'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable commits and test madvise IOCTL functionality

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
GPU driver error messages related to Panfrost or madvise

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "panfrost")

📊 Metadata

CVE ID: CVE-2022-49645

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.04% exploit probability (10.3th percentile)

Published: February 26, 2025

Last Updated: October 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49645, you might also want to check these: