CVE-2022-50087
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's ARM SCPI firmware driver. If exploited, it could allow local attackers to execute arbitrary code or crash the system by triggering memory corruption. This affects Linux systems using ARM-based hardware with the SCPI firmware interface.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, potentially leading to complete system compromise, data theft, or persistent backdoor installation.
Likely Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.
If Mitigated
No impact if proper kernel hardening and access controls prevent local users from triggering the vulnerable code path.
🎯 Exploit Status
Requires local access and ability to trigger SCPI probe failure conditions. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 08272646cd7c310642c39b7f54348fddd7987643, 0c29e149b6bb498778ed8a1c9597b51acfba7856, 18048cba444a7c41dbf42c180d6b46606fc24c51, 4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87, 5aa558232edc30468d1f35108826dd5b3ffe978f
Vendor Advisory: https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable SCPI firmware module
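Prevent loading of the vulnerable scpi driver module
# Run as root. The driver's in-tree module name is arm_scpi.
# This only applies when the driver is built as a loadable module, not built into the kernel.
echo 'blacklist arm_scpi' >> /etc/modprobe.d/blacklist.conf
rmmod arm_scpi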
🧯 If You Can't Patch
- Restrict local user access to prevent potential exploitation
- Implement kernel hardening features like SELinux/AppArmor to limit damage scope
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if scpi module is loaded: lsmod | grep scpi && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits and that the scpi module loads without errors in dmesg
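The `lsmod | grep scpi` check above only sees a driver that is currently loaded as a module. The following added example (not part of the original advisory) also distinguishes a driver compiled into the kernel image from one that is merely installed on disk. It assumes the in-tree module name `arm_scpi` and the standard `modules.builtin` and `modules.dep` files under `/lib/modules/<release>/`; the function name `scpi_exposure` is hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the in-tree module name is arm_scpi;
# the page itself only refers to it as "scpi".

# scpi_exposure PROC_MODULES MODULES_BUILTIN MODULES_DEP
# Prints one of: loaded | builtin | available | absent
scpi_exposure() {
    proc_modules=$1; builtin_list=$2; dep_list=$3
    # /proc/modules (what lsmod reads): the first field is the module name.
    if [ -r "$proc_modules" ] &&
       awk '$1 == "arm_scpi" { f = 1 } END { exit !f }' "$proc_modules"; then
        echo loaded; return 0
    fi
    # modules.builtin lists drivers compiled into the kernel image. They never
    # appear in lsmod, and blacklisting or rmmod has no effect on them.
    if [ -r "$builtin_list" ] &&
       grep -Eq '(^|/)arm_scpi\.ko$' "$builtin_list"; then
        echo builtin; return 0
    fi
    # modules.dep has "path/mod.ko[.xz|.zst|.gz]: deps" per loadable module.
    if [ -r "$dep_list" ] &&
       grep -Eq '(^|/)arm_scpi\.ko(\.[a-z0-9]+)?:' "$dep_list"; then
        echo available; return 0
    fi
    echo absent
}

# Report for the running kernel.
rel=$(uname -r)
state=$(scpi_exposure /proc/modules "/lib/modules/$rel/modules.builtin" \
    "/lib/modules/$rel/modules.dep")
echo "$rel arm_scpi: $state"
```

A result of `builtin` means the module-blacklist workaround does not apply to that host, and `available` means the driver can still be loaded unless it is blacklisted.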
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in dmesg
- System crashes/panics related to scpi module
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel: scpi' OR 'kernel: Oops' OR 'kernel: general protection fault' in system logs
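The query above ORs its three terms, so any unrelated kernel Oops matches it. The following added example (not part of the original advisory) narrows it: a crash line is reported only when a line mentioning scpi appears within a few lines of it. The function names, the window size and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate crash markers with scpi messages in a kernel log.

# scpi_crash_hits LOGFILE [WINDOW]
# Prints each line containing "Oops" or "general protection fault" that has a
# line mentioning "scpi" within WINDOW lines before or after it (default 20).
# Pass "-" as LOGFILE to read standard input.
scpi_crash_hits() {
    awk -v w="${2:-20}" '
        { line[NR] = $0 }
        /scpi/ { scpi[++ns] = NR }
        /Oops|general protection fault/ { crash[++nc] = NR }
        END {
            for (i = 1; i <= nc; i++)
                for (j = 1; j <= ns; j++) {
                    d = crash[i] - scpi[j]; if (d < 0) d = -d
                    if (d <= w) { print line[crash[i]]; break }
                }
        }' "$1"
}

# Constructed sample log; the message wording is illustrative only.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 board kernel: scpi: constructed probe-failure message
Jan 10 03:12:02 board kernel: Internal error: Oops: 96000004 [#1] SMP
Jan 10 03:12:02 board kernel: Modules linked in: clk_scpi arm_scpi
Jan 10 09:40:10 board kernel: usb 1-1: constructed filler line
Jan 10 09:40:11 board kernel: eth0: constructed filler line
Jan 10 09:40:12 board kernel: mmc0: constructed filler line
Jan 10 11:00:00 board kernel: Oops: constructed unrelated crash
EOF
}

# With a 2-line window only the first Oops is reported.
sample_log | scpi_crash_hits - 2
```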
🔗 References
- https://git.kernel.org/stable/c/08272646cd7c310642c39b7f54348fddd7987643
- https://git.kernel.org/stable/c/0c29e149b6bb498778ed8a1c9597b51acfba7856
- https://git.kernel.org/stable/c/18048cba444a7c41dbf42c180d6b46606fc24c51
- https://git.kernel.org/stable/c/4f2d7b46d6b53c07f44a4f8f8f4438888f0e9e87
- https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f
- https://git.kernel.org/stable/c/689640efc0a2c4e07e6f88affe6d42cd40cc3f85
- https://git.kernel.org/stable/c/87c4896d5dd7fd9927c814cf3c6289f41de3b562