CVE-2022-49894
📋 TL;DR
CVE-2022-49894 is a NULL pointer dereference in the Linux kernel's CXL (Compute Express Link) region subsystem. A local attacker can cause a kernel panic (denial of service): the kernel crashes when it attempts to validate HPA (Host Physical Address) ordering for a CXL region that has no allocated address space. It affects systems with CXL hardware support enabled in the kernel.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, requiring physical or remote console access to reboot the system.
Likely Case
Local denial of service through kernel crash when specific CXL region operations are performed on systems with CXL hardware.
If Mitigated
No impact if CXL hardware is not present or CXL support is disabled in kernel configuration.
🎯 Exploit Status
Requires local access and ability to perform CXL region operations. Exploitation requires specific hardware configuration and kernel permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via the provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/12316b9f7c18138ae656050cfd716728e27b7e2f
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. Apply the specific patch from git.kernel.org if compiling a custom kernel.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable CXL support
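Linux: prevent the CXL drivers from loading if CXL is not required. The Compute Express Link drivers are the cxl_* modules (cxl_acpi, cxl_pci, cxl_mem, cxl_port, cxl_pmem, cxl_core); the module named plain cxl is the separate IBM CAPI accelerator driver, so blacklisting it does not disable Compute Express Link. Blacklisting only helps when these drivers are built as modules rather than into the kernel image.
printf 'blacklist %s\n' cxl_acpi cxl_pci cxl_mem cxl_port cxl_pmem cxl_core > /etc/modprobe.d/blacklist-cxl.conf
update-initramfs -u   # Debian/Ubuntu; other distributions use their own initramfs tool
reboot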
🧯 If You Can't Patch
- Restrict local user access to systems with CXL hardware
- Implement strict access controls to prevent unauthorized users from performing CXL operations
🔍 How to Verify
Check if Vulnerable:
Check if CXL modules are loaded: lsmod | grep -i cxl. Check kernel version against patched versions from your distribution.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to include the fix commits: uname -r. Check that system doesn't crash when performing CXL region operations.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning cxl_region or store_targetN
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "cxl_region" OR "store_targetN")
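The SIEM query above ORs its three terms, so it also matches unrelated NULL pointer dereferences and routine cxl_region messages. The following sketch, an added example that is not part of the original advisory, counts only oops blocks where the NULL pointer dereference and a CXL indicator occur together; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: correlate the advisory's log indicators per oops instead of OR-ing them.

# Constructed sample kernel log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] RIP: 0010:store_targetN+0x0/0x0 [cxl_core]
[  101.000003] ---[ end trace 0000000000000000 ]---
[  205.000001] cxl_region region0: constructed informational message
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.000002] RIP: 0010:other_driver_fn+0x0/0x0 [other_mod]
[  300.000003] ---[ end trace 0000000000000000 ]---
EOF
}

# Number of lines the plain OR query would return for the same input.
naive_or_count() {
    grep -Ec 'NULL pointer dereference|cxl_region|store_targetN'
}

# Count oops blocks that begin with a NULL pointer dereference AND mention
# cxl_region or store_targetN before the block ends.
cxl_oops_count() {
    awk '
        function close_oops() { if (in_oops && hit) n++; in_oops = 0; hit = 0 }
        /BUG: kernel NULL pointer dereference/ { close_oops(); in_oops = 1; next }
        in_oops && /cxl_region|store_targetN/   { hit = 1 }
        in_oops && /---\[ end trace/            { close_oops() }
        END { close_oops(); print n + 0 }        # also closes a log cut off mid-oops
    '
}

echo "OR-query matching lines: $(sample_log | naive_or_count)"
echo "correlated CXL oopses:   $(sample_log | cxl_oops_count)"
# On a live host: journalctl -k | cxl_oops_count
```

On the constructed input the OR logic matches four lines, while the correlated count reports the single oops that actually involves the CXL region code.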