CVE-2022-50312
📋 TL;DR
This CVE-2022-50312 is a memory leak vulnerability in the Linux kernel's jsm serial driver. When the driver fails during probe initialization, it doesn't properly clean up allocated resources, potentially leading to kernel memory exhaustion. This affects Linux systems using the jsm serial driver for Digi International serial cards.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could exhaust kernel memory, leading to system instability, denial of service, or kernel panic.
Likely Case
System instability or performance degradation due to memory leaks during driver initialization failures.
If Mitigated
Minimal impact with proper memory management and monitoring in place.
🎯 Exploit Status
Requires local access and ability to trigger jsm driver probe failures, typically through hardware manipulation or driver loading.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 1d5859ef229e381f4db38dce8ed58e4bf862006b, 3bf05c2650cf6b8d83bf0b0d808cc78c6ee7e84c, 3ea1fd63fdf0e83b491c2a9f25b395aa0e4bf6e8, 6066bd69ffba3a6abc7c0793ccba1da79b7d77e3, 6be8e565a4a60530797a974d0a3d0e30656166a1
Vendor Advisory: https://git.kernel.org/stable/c/1d5859ef229e381f4db38dce8ed58e4bf862006b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify jsm driver is not leaking memory.
🔧 Temporary Workarounds
Disable jsm driver
LinuxPrevent loading of vulnerable jsm driver if not needed
echo 'blacklist jsm' > /etc/modprobe.d/blacklist-jsm.conf
rmmod jsm
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual patterns
- Avoid using Digi serial cards or ensure stable hardware connections
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if jsm module is loaded: uname -r && lsmod | grep jsmCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and monitor /proc/meminfo for stable kernel memory📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Memory allocation failures in dmesg
- Driver probe failure messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("jsm" OR "memory allocation failure")🔗 References
- https://git.kernel.org/stable/c/1d5859ef229e381f4db38dce8ed58e4bf862006b
- https://git.kernel.org/stable/c/3bf05c2650cf6b8d83bf0b0d808cc78c6ee7e84c
- https://git.kernel.org/stable/c/3ea1fd63fdf0e83b491c2a9f25b395aa0e4bf6e8
- https://git.kernel.org/stable/c/6066bd69ffba3a6abc7c0793ccba1da79b7d77e3
- https://git.kernel.org/stable/c/6be8e565a4a60530797a974d0a3d0e30656166a1
- https://git.kernel.org/stable/c/71ffe5111f0ffa2fd43c14fd176c6f05d4e82212
- https://git.kernel.org/stable/c/737594536dc3ce732976c0d84bb1dcc842065521
- https://git.kernel.org/stable/c/744c2d33a88b082d9d504520f0132b3d688547b2
- https://git.kernel.org/stable/c/ff9a5e50fb1910be33e62925bc7ee3bef474879e
