CVE-2022-49665
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's ThinkPad ACPI driver. When the driver fails to properly free EFCH MMIO resources during cleanup, it causes a gradual memory consumption that could lead to system instability. This affects Linux systems running on Lenovo ThinkPad hardware with the vulnerable driver loaded.
💻 Affected Systems
- Linux kernel with thinkpad_acpi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion, leading to system crashes, denial of service, or potential privilege escalation if combined with other vulnerabilities.
Likely Case
Gradual memory consumption over time causing system performance degradation, potential application failures, or system instability requiring reboots.
If Mitigated
Minimal impact with proper monitoring and regular system maintenance; memory leak would be detected and addressed before causing significant issues.
🎯 Exploit Status
Exploitation requires local access and specific conditions to trigger the resource cleanup path. No known weaponized exploits in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 3884bf75fa044c73e843d95dd71a424e80ebb095 and d2f33f0c3ad7b0d5262d9b986f1353265fad7a08
Vendor Advisory: https://git.kernel.org/stable/c/3884bf75fa044c73e843d95dd71a424e80ebb095
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable thinkpad_acpi module
linuxPrevent loading of the vulnerable driver if ThinkPad-specific features are not required
echo 'blacklist thinkpad_acpi' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor system memory usage closely for unusual consumption patterns
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if thinkpad_acpi module is loaded: lsmod | grep thinkpad_acpi. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -q '3884bf75fa044c73e843d95dd71a424e80ebb095\|d2f33f0c3ad7b0d5262d9b986f1353265fad7a08' /proc/version📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings in dmesg
- High memory usage alerts
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "oom-killer" OR "memory allocation failure")