CVE-2022-49952
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's fastrpc driver allows attackers to write beyond allocated memory boundaries when too many sessions are defined in devicetree. This affects Linux systems using the fastrpc driver for Qualcomm DSP communication. Attackers with local access could potentially escalate privileges or crash the system.
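The missing bound described above, modelled in user space as an added example (not code from the kernel or from this advisory). The struct and function names, MAX_SESSIONS = 4 and the guard slots are assumptions chosen so that writes past the array can be counted without corrupting real memory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 4  /* stand-in for FASTRPC_MAX_SESSIONS; value is illustrative */
#define GUARD_SLOTS  4  /* models memory the allocator placed after the array */
#define TOTAL (MAX_SESSIONS + GUARD_SLOTS)

struct session { int sid; int used; };
struct channel_ctx {
    struct session mem[TOTAL];  /* [0, MAX_SESSIONS) is the real session array */
    int sesscount;
};

/* Store one probed session at the running index, refusing at `limit`. */
static int probe(struct channel_ctx *c, int sid, int limit)
{
    if (c->sesscount >= limit)
        return -1;              /* full: fail instead of writing */
    c->mem[c->sesscount].sid = sid;
    c->mem[c->sesscount].used = 1;
    c->sesscount++;
    return 0;
}

/* Pre-fix pattern: no bound tied to the array size (TOTAL only keeps this model safe). */
static int probe_unchecked(struct channel_ctx *c, int sid) { return probe(c, sid, TOTAL); }

/* Hardened pattern: reject the probe once the fixed-size array is full. */
static int probe_checked(struct channel_ctx *c, int sid) { return probe(c, sid, MAX_SESSIONS); }

/* Probe n devicetree-defined sessions; count slots written past the array. */
static int clobbered_after(int n, int (*fn)(struct channel_ctx *, int))
{
    struct channel_ctx c;
    int i, hits = 0;
    memset(&c, 0, sizeof(c));
    for (i = 0; i < n; i++)
        fn(&c, 100 + i);
    for (i = MAX_SESSIONS; i < TOTAL; i++)
        hits += c.mem[i].used;
    return hits;
}

int main(void)
{
    printf("unchecked: %d slots past the array written\n", clobbered_after(6, probe_unchecked));
    printf("checked:   %d slots past the array written\n", clobbered_after(6, probe_checked));
    return 0;
}
```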
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level access, allowing complete system compromise and potential persistence.
Likely Case
Kernel panic leading to denial of service (system crash) or limited memory corruption affecting system stability.
If Mitigated
No impact if the vulnerable driver is not loaded or if the session count is limited below the FASTRPC_MAX_SESSIONS threshold.
🎯 Exploit Status
Requires local access and ability to influence devicetree configuration or trigger probe conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 0e33b0f322fecd7a92d9dc186535cdf97940a856, 9baa1415d9abdd1e08362ea2dcfadfacee8690b5, c0425c2facd9166fa083f90c9f3187ace0c7837a, c99bc901d5eb9fbdd7bd39f625e170ce97390336, ec186b9f4aa2e6444d5308a6cc268aada7007639
Vendor Advisory: https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check distribution-specific security advisories.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
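Disable fastrpc driver
Platform: Linux. Prevent loading of the vulnerable fastrpc driver module. The blacklist entry stops the module from being auto-loaded on later boots; rmmod unloads the running instance.
echo 'blacklist fastrpc' >> /etc/modprobe.d/blacklist.conf
rmmod fastrpc
Limit devicetree sessions
Platform: Linux. Ensure the devicetree configuration doesn't exceed FASTRPC_MAX_SESSIONS. The node path depends on the platform's devicetree.
Check devicetree:
cat /proc/device-tree/fastrpc/sessions | wc -l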
🧯 If You Can't Patch
- Restrict local user access to prevent exploitation
- Implement kernel module signing to prevent unauthorized driver loading
🔍 How to Verify
Check if Vulnerable:
Check if the fastrpc module is loaded:
lsmod | grep fastrpc
Check the kernel version and compare it with patched versions:
uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for fastrpc errors after driver load.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Out of bounds memory access errors in dmesg
- fastrpc driver crash logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("fastrpc" OR "out of bounds" OR "memory corruption")
🔗 References
- https://git.kernel.org/stable/c/0e33b0f322fecd7a92d9dc186535cdf97940a856
- https://git.kernel.org/stable/c/9baa1415d9abdd1e08362ea2dcfadfacee8690b5
- https://git.kernel.org/stable/c/c0425c2facd9166fa083f90c9f3187ace0c7837a
- https://git.kernel.org/stable/c/c99bc901d5eb9fbdd7bd39f625e170ce97390336
- https://git.kernel.org/stable/c/ec186b9f4aa2e6444d5308a6cc268aada7007639