CVE-2022-49855
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's WWAN (Wireless Wide Area Network) subsystem. When the ipc_pcie_read_bios_cfg function retrieves power state configuration from BIOS, it fails to free allocated ACPI objects, causing gradual memory exhaustion. This affects systems using the iosm WWAN driver with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes requiring system reboot.
Likely Case
Gradual memory consumption over time leading to performance degradation, particularly on systems with limited memory or frequent WWAN configuration checks.
If Mitigated
Minimal impact with proper monitoring and memory limits; system remains functional but may experience occasional performance issues.
🎯 Exploit Status
Requires kernel-level access or ability to trigger the vulnerable function; memory leaks are typically not directly weaponizable but can enable other attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel trees via commits: 13b1ea861e8a, 7560ceef4d28, d38a648d2d6c
Vendor Advisory: https://git.kernel.org/stable/c/13b1ea861e8aeb701bcfbfe436b943efa2d44029
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable iosm WWAN module
linuxPrevent loading of vulnerable driver if WWAN functionality not required
echo 'blacklist iosm' >> /etc/modprobe.d/blacklist-iosm.conf
rmmod iosm
🧯 If You Can't Patch
- Monitor system memory usage and kernel logs for memory pressure indicators
- Implement kernel memory limits and restart services if memory consumption exceeds thresholds
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if iosm module is loaded: 'uname -r' and 'lsmod | grep iosm'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is after fix commits and monitor for memory leaks using tools like 'vmstat', 'slabtop', or kernel memory monitoring📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in /var/log/kern.log or dmesg
- Increasing slab memory usage over time
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "slab allocation failure") AND process="iosm"