CVE-2022-49944
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's USB Type-C UCSI subsystem allows local attackers to cause a kernel panic (system crash) by accessing stale sysfs entries. This affects Linux systems with USB Type-C support and requires local access to the system. The vulnerability was introduced by a code change and then reverted.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.
Likely Case
Local user triggers kernel panic by accessing specific sysfs paths, causing system instability or crash.
If Mitigated
With proper access controls, only privileged users could trigger the crash, reducing impact.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of specific sysfs paths. No authentication bypass needed beyond local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commit 3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad (revert) applied
Vendor Advisory: https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the revert commit. 2. Check with your distribution for specific kernel updates. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict sysfs access
linuxLimit access to USB Type-C sysfs entries to prevent triggering the vulnerability.
chmod 600 /sys/class/typec/*
chmod 600 /sys/class/power_supply/*
🧯 If You Can't Patch
- Restrict local user access to systems with USB Type-C support
- Disable USB Type-C UCSI support in kernel configuration if not needed
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if between vulnerable commits: uname -r and check git history for commit 87d0e2f41b8cCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes revert commit 3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - local only vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "oops")