CVE-2022-50320
📋 TL;DR
This CVE-2022-50320 is a kernel memory corruption vulnerability in the Linux kernel's ACPI FPDT table handling. It allows attackers to trigger a kernel panic/DoS by exploiting invalid physical addresses in the FPDT table. Systems running affected Linux kernel versions with ACPI tables are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.
Likely Case
System crash/denial of service when processing malformed ACPI FPDT tables, requiring physical access or ability to modify ACPI tables.
If Mitigated
Minimal impact with proper kernel patches applied; system continues normal operation.
🎯 Exploit Status
Exploitation requires local access and ability to influence ACPI table contents, either through hardware manipulation or firmware modification.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 16046a716c8e1f447909bec9b478d58e6e25e513, 211391bf04b3c74e250c566eeff9cf808156c693, 30eca146c89d216dda95868ce00a2d35cf73d5a4, 90bfc9ae875dfbed2e6089516520204cd431dba3
Vendor Advisory: https://git.kernel.org/stable/c/16046a716c8e1f447909bec9b478d58e6e25e513
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the fix commits. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable ACPI FPDT table processing
linuxPrevent kernel from processing FPDT tables via kernel boot parameter
Add 'acpi=no-fpdt' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Restrict physical access to prevent ACPI table manipulation
- Implement strict access controls to prevent local users from modifying firmware/ACPI settings
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if running on affected hardware with malformed ACPI tables. Monitor for kernel panics with FPDT-related errors.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or is from distribution with backported patches. Check dmesg for absence of FPDT-related warnings.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'FPDT', 'acpi_os_map_memory', or 'invalid physical address' in dmesg/system logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel logs containing 'FPDT' AND ('invalid physical address' OR 'acpi_os_map_memory')