CVE-2022-50349
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's tifm driver. When device registration fails in the tifm_7xx1_switch_media() function, kernel memory is not properly freed, potentially leading to resource exhaustion. This affects Linux systems using the tifm driver for certain flash memory card readers.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic.
Likely Case
Memory leak gradually consumes kernel resources, potentially leading to performance degradation or system instability over time.
If Mitigated
With proper memory management controls and monitoring, impact is limited to minor resource consumption.
🎯 Exploit Status
Exploitation requires triggering the specific error condition in device registration, which may require specific hardware or driver conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 1695b1adcc3a7d985cd22fa3b55761edf3fab50d, 2bbb222a54ff501f77ce593d21b76b79c905045e, 35abbc8406cc39e72d3ce85f6e869555afe50d54, 57c857353d5020bdec8284d9c0fee447484fe5e0, 848c45964ded537107e010aaf353aa30a0855387
Vendor Advisory: https://git.kernel.org/stable/c/1695b1adcc3a7d985cd22fa3b55761edf3fab50d
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable tifm driver
LinuxPrevent loading of the vulnerable tifm driver module
echo 'blacklist tifm' >> /etc/modprobe.d/blacklist-tifm.conf
rmmod tifm
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual increases
- Restrict local user access to systems with tifm hardware
🔍 How to Verify
Check if Vulnerable:
Check if tifm module is loaded: lsmod | grep tifm AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits AND tifm module functions normally without memory leaks📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings
- tifm driver error messages in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("tifm" OR "oom-killer" OR "memory exhaustion")🔗 References
- https://git.kernel.org/stable/c/1695b1adcc3a7d985cd22fa3b55761edf3fab50d
- https://git.kernel.org/stable/c/2bbb222a54ff501f77ce593d21b76b79c905045e
- https://git.kernel.org/stable/c/35abbc8406cc39e72d3ce85f6e869555afe50d54
- https://git.kernel.org/stable/c/57c857353d5020bdec8284d9c0fee447484fe5e0
- https://git.kernel.org/stable/c/848c45964ded537107e010aaf353aa30a0855387
- https://git.kernel.org/stable/c/d861b7d41b17942b337d4b87a70de7cd1dc44d4e
- https://git.kernel.org/stable/c/ee2715faf7e7153f5142ed09aacfa89a64d45dcb
- https://git.kernel.org/stable/c/ef843ee20576039126d34d6eb5f45d14c3e6ce18
- https://git.kernel.org/stable/c/fd2c930cf6a5b9176382c15f9acb1996e76e25ad
