CVE-2022-50331
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's wwan_hwsim driver. When device registration fails during module probing, the kernel doesn't properly clean up allocated memory for device names, leading to resource exhaustion over time. This affects systems using the wwan_hwsim driver for wireless WAN simulation.
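The failure mode described above, as a simplified userspace model added here for illustration; it is not the wwan_hwsim driver's code and does not come from the original page. The names model_dev, dev_alloc, dev_put, dev_register and dev_create are hypothetical, and the leaky error path (freeing only the containing object) is an assumed pattern, since the page does not show the driver source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int live_allocs; /* outstanding heap blocks; stands in for a leak detector */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical stand-in for a refcounted device whose name is a separate allocation. */
struct model_dev { int refcount; char *name; };

static struct model_dev *dev_alloc(const char *name) {
    struct model_dev *d = xalloc(sizeof(*d));
    if (!d) return NULL;
    d->refcount = 1;
    d->name = xalloc(strlen(name) + 1);
    if (d->name) strcpy(d->name, name);
    return d;
}

/* Dropping the last reference runs the release path: name first, then the object. */
static void dev_put(struct model_dev *d) {
    if (--d->refcount == 0) { xfree(d->name); xfree(d); }
}

/* Registration stub; 'fail' forces the error path under test. */
static int dev_register(struct model_dev *d, int fail) { (void)d; return fail ? -1 : 0; }

/* fixed == 0: error path frees only the object (assumed leaky pattern).
 * fixed == 1: error path drops the reference so the name is released too. */
static int dev_create(int fail, int fixed) {
    struct model_dev *d = dev_alloc("hwsim0");
    if (!d) return -1;
    if (dev_register(d, fail)) {
        if (fixed) dev_put(d); else xfree(d);
        return -1;
    }
    dev_put(d); /* model tears the device down immediately on success */
    return 0;
}

/* Blocks still allocated after n forced registration failures. */
int leaked_after(int fixed, int n) {
    live_allocs = 0;
    for (int i = 0; i < n; i++) dev_create(1, fixed);
    return live_allocs;
}
int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after(0, 100), leaked_after(1, 100));
    return 0;
}
```

Each forced failure on the leaky path strands one name allocation, so the count grows linearly with the number of failed registrations, which is why the impact is gradual resource exhaustion.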
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Memory leak gradually consumes kernel resources, potentially leading to performance degradation or system instability over extended periods.
If Mitigated
With proper monitoring and patching, impact is minimal as the leak occurs only during specific failure conditions.
🎯 Exploit Status
Exploitation requires ability to trigger device registration failures in wwan_hwsim driver, typically requiring local access and module loading capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 258ad2fe5ede, 50c31fa95230, or d87973314aba
Vendor Advisory: https://git.kernel.org/stable/c/258ad2fe5ede773625adfda88b173f4123e59f45
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify wwan_hwsim module loads correctly if needed.
🔧 Temporary Workarounds
Disable wwan_hwsim module
Linux: Prevent loading of the vulnerable driver if it is not required
echo 'blacklist wwan_hwsim' > /etc/modprobe.d/disable-wwan_hwsim.conf
rmmod wwan_hwsim
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases
- Restrict module loading to prevent unauthorized wwan_hwsim usage
🔍 How to Verify
Check if Vulnerable:
Check if wwan_hwsim module is loaded: lsmod | grep wwan_hwsim. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
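Verify kernel version includes fix commits. /proc/version holds only the release string and build details, not commit hashes, so grepping it for the hashes never matches. Instead, list the releases that contain a fix commit from a linux-stable git checkout and compare them with the output of uname -r (distribution kernels may carry the fix as a backport, so also check the vendor changelog): git tag --contains 258ad2fe5ede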
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to wwan_hwsim
- Memory allocation failures in kernel logs
- Module loading failures for wwan_hwsim
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("wwan_hwsim" OR "device_register failed")