CVE-2022-49749
📋 TL;DR
This CVE is an integer overflow vulnerability in the Linux kernel's I2C DesignWare driver that can cause kernel crashes or instability when handling specific clock configurations. It affects Linux systems using the affected I2C driver with certain hardware configurations. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with I2C DesignWare driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.
Likely Case
System instability or kernel crashes when specific I2C hardware configurations are used with high clock frequencies.
If Mitigated
No impact if systems don't use the affected I2C driver configurations or have proper access controls preventing local exploitation.
🎯 Exploit Status
Requires local access and specific hardware configuration to trigger. Not easily weaponized for privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2f29d780bd691d20e89e5b35d5e6568607115e94, 9f36aae9e80e79b7a6d62227eaa96935166be9fe, c8c37bc514514999e62a17e95160ed9ebf75ca8d, ed173f77fd28a3e4fffc13b3f28687b9eba61157
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable I2C DesignWare driver
linuxPrevent loading of the vulnerable I2C driver if not needed
echo 'blacklist i2c-designware-core' > /etc/modprobe.d/blacklist-i2c-designware.conf
update-initramfs -u
🧯 If You Can't Patch
- Restrict local user access to systems using vulnerable I2C configurations
- Monitor system logs for kernel panics or I2C-related errors
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if I2C DesignWare driver is loaded: lsmod | grep i2c_designwareCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security update verification tools📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- I2C driver errors in dmesg
- System crash reports
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel panic' OR 'i2c_designware' OR 'segfault' in system logs