CVE-2022-50236
📋 TL;DR
This CVE describes a race condition vulnerability in the MediaTek IOMMU driver in the Linux kernel where an interrupt service routine (ISR) can be triggered before proper domain initialization during kexec() reboots. This leads to a kernel crash due to invalid memory access. Systems using Linux kernels with the MediaTek IOMMU driver are affected.
💻 Affected Systems
- Linux kernel with MediaTek IOMMU driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic and system crash leading to denial of service, potentially causing data loss or service disruption.
Likely Case
System crash during kexec() reboot operations, resulting in temporary denial of service until manual intervention.
If Mitigated
No impact if the system doesn't use kexec() or the MediaTek IOMMU driver, or if patched.
🎯 Exploit Status
Requires local access and ability to trigger kexec() reboot. Not remotely exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 00ef8885a945c37551547d8ac8361cacd20c4e42, 85cc8a187f2de7a91e2cea522e9406fa12999269, or f13acee780cedb3e06a6dadf64d9104cccd2b9fc
Vendor Advisory: https://git.kernel.org/stable/c/00ef8885a945c37551547d8ac8361cacd20c4e42
Restart Required: No
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For custom kernels, apply the patch from the git repository.
3. Recompile and install the updated kernel.
🔧 Temporary Workarounds
Disable kexec() system call
Prevent use of kexec() to avoid triggering the vulnerability
# 1 disables the kexec_load syscall; this sysctl is one-way and cannot be reset to 0 without a reboot
echo 1 > /proc/sys/kernel/kexec_load_disabled
Disable MediaTek IOMMU driver
Remove or blacklist the MediaTek IOMMU driver if not needed (the blacklist only takes effect when the driver is built as a loadable module; a built-in driver has to be configured out and the kernel rebuilt)
echo 'blacklist mtk-iommu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
🧯 If You Can't Patch
- Avoid using kexec() for system reboots
- Implement strict access controls to prevent unauthorized users from executing kexec()
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version and whether the MediaTek IOMMU driver is loaded:
lsmod | grep mtk_iommu
uname -r
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel includes the fix commits, or test that a kexec() reboot completes without the crash described above.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'Unable to handle kernel read from unreadable memory'
- Call trace including 'mtk_iommu_isr' or 'report_iommu_fault'
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
kernel:panic AND (mtk_iommu_isr OR report_iommu_fault)
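As an added example (not part of this advisory), a small Python scanner that groups kernel log lines into oops blocks and flags those whose call trace contains the indicators listed above. The log lines it runs on are constructed to resemble the described crash, not a real capture.

```python
import re
from dataclasses import dataclass, field

# Constructed sample kernel log modelled on the indicators in this advisory
# (a fault in the MediaTek IOMMU ISR during a kexec() reboot); not a real capture.
SAMPLE_LOG = """\
[   12.001] kexec_core: Starting new kernel
[   12.104] Unable to handle kernel read from unreadable memory at virtual address 0000000000000018
[   12.105] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   12.106] Call trace:
[   12.106]  report_iommu_fault+0x28/0xfc
[   12.107]  mtk_iommu_isr+0x10c/0x1c0
[   12.107]  __handle_irq_event_percpu+0x6c/0x158
[   12.108] ---[ end trace 0000000000000000 ]---
[   40.000] usb 1-1: new high-speed USB device number 2
"""

OOPS_START = re.compile(r"Unable to handle kernel (read|write) from unreadable memory")
OOPS_END = re.compile(r"---\[ end trace")
# Symbol+offset/size frames as printed in an arm64 call trace, e.g. mtk_iommu_isr+0x10c/0x1c0
FRAME = re.compile(r"\s([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
IOMMU_FRAMES = ("mtk_iommu_isr", "report_iommu_fault")

@dataclass
class Oops:
    header: str
    frames: list = field(default_factory=list)

    def matches_mtk_iommu(self) -> bool:
        return any(f in frame for frame in self.frames for f in IOMMU_FRAMES)

def extract_oopses(log: str) -> list:
    """Group kernel log lines into oops blocks, from the fault header to 'end trace'."""
    oopses, current = [], None
    for line in log.splitlines():
        if OOPS_START.search(line):
            current = Oops(header=line.strip())
            oopses.append(current)
        elif current is not None:
            if OOPS_END.search(line):
                current = None
            else:
                m = FRAME.search(line)
                if m:
                    current.frames.append(m.group(1))
    return oopses

def find_mtk_iommu_faults(log: str) -> list:
    """Return only the oops blocks whose call trace passes through the MediaTek IOMMU ISR path."""
    return [o for o in extract_oopses(log) if o.matches_mtk_iommu()]
```

Feed it the output of `dmesg` or `journalctl -k` instead of SAMPLE_LOG to scan a real host; an unrelated oops without these frames is not reported.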