Login Sign Up

CVE-2022-49794

5.5 MEDIUM
Denial of Service

📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's at91_adc driver when registering an IIO trigger fails. If exploited, this could lead to kernel memory exhaustion over time. This affects Linux systems using the AT91 ADC driver for Analog-to-Digital conversion.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable at91_adc driver code
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the at91_adc driver is loaded and used. This driver is specific to AT91/AT91SAM9 microcontrollers.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service.

🟠

Likely Case

Memory leak causing gradual performance degradation over time, potentially requiring system reboot.

🟢

If Mitigated

Minimal impact with proper memory monitoring and regular patching.

🌐 Internet-Facing: LOW - Requires local access or kernel module loading capability.
🏢 Internal Only: MEDIUM - Could be exploited by users with local access or through other vulnerabilities.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger the specific error condition in at91_adc_allocate_trigger() function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with the fix commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable at91_adc module

linux

Prevent loading of vulnerable driver if not needed

echo 'blacklist at91_adc' >> /etc/modprobe.d/blacklist.conf
rmmod at91_adc

🧯 If You Can't Patch

  • Monitor system memory usage for unusual patterns
  • Restrict kernel module loading to authorized users only

🔍 How to Verify

Check if Vulnerable:

Check if at91_adc module is loaded: lsmod | grep at91_adc

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions or verify the specific commit exists in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • Memory allocation failures in kernel logs
  • System instability logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel panic or oops messages containing 'at91_adc' or memory allocation failures

📊 Metadata

CVE ID: CVE-2022-49794
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 1, 2025
Last Updated: November 6, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49794, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)