CVE-2022-49945
📋 TL;DR
CVE-2022-49945 is an array index out-of-bounds vulnerability in the Linux kernel's gpio-fan hardware monitoring driver. It allows attackers with access to thermal cooling device controls to cause kernel memory corruption, potentially leading to denial of service (kernel panic) or arbitrary code execution. Systems using the gpio-fan driver with affected kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.
If Mitigated
No impact if gpio-fan driver is not loaded or thermal cooling controls are restricted to privileged users.
🎯 Exploit Status
Exploitation requires local access to thermal cooling device sysfs interface. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel versions with commits: 3263984c7acdcb0658155b05a724ed45a10de76d and related stable backports
Vendor Advisory: https://git.kernel.org/stable/c/3263984c7acdcb0658155b05a724ed45a10de76d
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For Debian/Ubuntu: apt update && apt upgrade linux-image-*. 3. For RHEL/CentOS: yum update kernel. 4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Unload gpio-fan module
linuxRemove the vulnerable kernel module if not needed
sudo rmmod gpio_fan
Restrict sysfs access
linuxLimit access to thermal cooling device controls
sudo chmod 600 /sys/class/thermal/cooling_device*/cur_state
sudo chown root:root /sys/class/thermal/cooling_device*/cur_state
🧯 If You Can't Patch
- Disable gpio-fan driver by blacklisting module: echo 'blacklist gpio_fan' | sudo tee /etc/modprobe.d/blacklist-gpio-fan.conf
- Restrict user access to thermal sysfs controls and monitor for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check if gpio_fan module is loaded: lsmod | grep gpio_fan. Check kernel version: uname -r and compare with patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched: uname -r should be >=5.15.61 or equivalent for your distribution. Check if /sys/class/thermal/cooling_device*/cur_state exists with proper permissions.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning gpio_fan or set_fan_speed
- System crashes/reboots with thermal cooling device errors
- Unauthorized access to /sys/class/thermal/cooling_device* in audit logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("gpio_fan" OR "set_fan_speed" OR "cooling_device")🔗 References
- https://git.kernel.org/stable/c/3263984c7acdcb0658155b05a724ed45a10de76d
- https://git.kernel.org/stable/c/3ff866455e1e263a9ac1958095fd440984248e2f
- https://git.kernel.org/stable/c/517dba798793e69b510779c3cde7224a65f3ed1d
- https://git.kernel.org/stable/c/53196e0376205ed49b75bfd0475af5e0fbd20156
- https://git.kernel.org/stable/c/7756eb1ed124753f4d64f761fc3d84290dffcb4d
- https://git.kernel.org/stable/c/c8ae6a18708f260ccdeef6ba53af7548457dc26c
- https://git.kernel.org/stable/c/e9f6972ab40a82bd7f6d36800792ba2e084474d8
- https://git.kernel.org/stable/c/f233d2be38dbbb22299192292983037f01ab363c
