CVE-2022-49950
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's fastrpc driver allows local attackers to corrupt kernel memory by opening a fastrpc device when session limits are exceeded. This affects Linux systems with the fastrpc driver loaded, typically on Qualcomm-based devices.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context leading to complete system compromise.
Likely Case
Local privilege escalation allowing an unprivileged user to gain root access on the affected system.
If Mitigated
Limited to denial of service (kernel panic) if exploit attempts fail or are detected by security controls.
🎯 Exploit Status
Requires local access and ability to open fastrpc device. No public exploit code identified in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes (see git references in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable fastrpc module
linuxPrevent loading of vulnerable fastrpc driver if not required
echo 'blacklist fastrpc' >> /etc/modprobe.d/blacklist.conf
rmmod fastrpc
🧯 If You Can't Patch
- Restrict local user access to prevent exploitation
- Implement strict SELinux/AppArmor policies to limit device access
🔍 How to Verify
Check if Vulnerable:
Check if fastrpc module is loaded: lsmod | grep fastrpcCheck Version:
uname -rVerify Fix Applied:
Check kernel version against patched releases and verify fastrpc module version if available📡 Detection & Monitoring
Log Indicators:
- Kernel oops/panic messages
- Failed fastrpc session allocations in kernel logs
Network Indicators:
- None - local-only vulnerability
SIEM Query:
Search for: 'fastrpc' AND ('panic' OR 'oops' OR 'corruption') in kernel logs🔗 References
- https://git.kernel.org/stable/c/5cf2a57c7a01a0d7bdecf875a63682f542891b1b
- https://git.kernel.org/stable/c/cf20c3533efc89578ace94fa20a9e63446223c72
- https://git.kernel.org/stable/c/d245f43aab2b61195d8ebb64cef7b5a08c590ab4
- https://git.kernel.org/stable/c/e0578e603065f120a8759b75e0d6c216c7078a39
- https://git.kernel.org/stable/c/f8632b8bb53ebc005d8f24a68a0c1f9678c0e908
