CVE-2022-49717
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's Apple AIC (Apple Interrupt Controller) driver. When the build_fiq_affinity function fails to properly release a reference to a device tree node, it can cause gradual memory exhaustion. This affects systems running Linux kernels with the apple-aic driver, primarily Apple Silicon-based devices.
💻 Affected Systems
- Linux kernel with apple-aic driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Gradual memory leak over time leading to reduced system performance and eventual denial of service requiring reboot.
If Mitigated
Minimal impact with proper monitoring and regular reboots; memory leak rate is relatively slow.
🎯 Exploit Status
Requires local access and ability to trigger the vulnerable code path; not directly exploitable from remote.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 2dc14cebe5dc053434b507bb24e6821cb795050f and b1ac803f47cb1615468f35cf1ccb553c52087301
Vendor Advisory: https://git.kernel.org/stable/c/2dc14cebe5dc053434b507bb24e6821cb795050f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Regular system reboots
linuxReboot system periodically to clear accumulated memory leaks
sudo reboot
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor system memory usage and set alerts for abnormal consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if running on Apple Silicon: uname -r and check /proc/cpuinfo for Apple processorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is newer than the fix commits or check with distribution's security update status📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Out of memory errors in dmesg
- Increasing kernel memory usage over time
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "kernel panic" OR "Oops")