CVE-2022-50247
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's xHCI-MTK USB controller driver. When the driver fails to set a wakeup interrupt, it doesn't properly release the shared host controller data structure, causing a memory leak. This affects systems using MediaTek xHCI USB controllers with Linux kernel versions containing the vulnerable code.
💻 Affected Systems
- Linux kernel with xhci-mtk driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.
Likely Case
Intermittent memory leaks that gradually consume kernel memory over time, potentially leading to performance degradation or system instability after prolonged operation.
If Mitigated
Minimal impact with proper monitoring and restart policies; memory leaks would be cleared on system reboot.
🎯 Exploit Status
Exploitation requires triggering the specific failure condition in the wakeup interrupt setup, likely through USB device manipulation or driver stress testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits: 03a88b0bafbe3f548729d970d8366f48718c9b19, 05680a91ae60ddd0319e6618456f0883b5dd765d, c8e7463844888dc8344bbb9cbad88cdce9cb8077, ffb14aac2658873050671198543b9b8194149c14
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from official distribution repositories. 2. For custom kernels, apply the relevant git commits to xhci-mtk driver. 3. Rebuild and install kernel if compiling from source.
🔧 Temporary Workarounds
Disable xhci-mtk driver
LinuxPrevent loading of the vulnerable driver if MediaTek USB controller is not required
echo 'blacklist xhci-mtk' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases and schedule regular reboots
- Restrict physical USB device access to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check if xhci-mtk module is loaded: lsmod | grep xhci_mtk. Check kernel version against patched releases.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fixes: uname -r. Check git commit history for xhci-mtk driver fixes.📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Memory allocation failures in dmesg
- USB controller error messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("xhci-mtk" OR "memory allocation failure" OR "oom-killer")