CVE-2022-50371

5.5 MEDIUM

📋 TL;DR

This CVE involves a race condition in the Linux kernel's Qualcomm LPG LED driver where the brightness_set() callback function can sleep in atomic context, violating kernel requirements. This affects Linux systems using Qualcomm hardware with the affected driver, potentially causing kernel panics or system instability.

💻 Affected Systems

Products:
  • Linux kernel with Qualcomm LPG LED driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm hardware using the LPG LED driver. Most desktop/server systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟠 Likely Case: System instability, occasional crashes, or LED functionality issues when the driver is triggered.

🟢 If Mitigated: Minor performance impact or LED control issues if the driver is used.

🌐 Internet-Facing: LOW - Requires local access or specific hardware interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the condition, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the LED driver in specific timing conditions. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 3031993b3474794ecb71b6f969a3e60e4bda9d8a, 380304391fa7fb084745f26b4b9a59f4666520c1, 9deba7b51d5ee7a2d93fabb69f9b8189241f90e3

Vendor Advisory: https://git.kernel.org/stable/c/3031993b3474794ecb71b6f969a3e60e4bda9d8a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check with your distribution for specific patched kernel versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable LPG LED driver

Prevent loading of the vulnerable driver module

echo 'blacklist qcom-lpg' >> /etc/modprobe.d/blacklist.conf
rmmod qcom-lpg

🧯 If You Can't Patch

  • Avoid using LED heartbeat functionality or other features that trigger the driver
  • Monitor system logs for kernel panic indicators and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Check if qcom-lpg module is loaded: lsmod | grep qcom_lpg

Check Version:

uname -r

Verify Fix Applied:

Check that the kernel version includes the fix commits, or verify that the driver uses brightness_set_blocking instead of brightness_set.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • 'sleeping function called from invalid context' errors in dmesg
  • LED driver crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("sleeping function" OR "invalid context" OR "qcom-lpg")
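For hosts without a SIEM, the same log indicator can be checked locally. The script below is an added example, not part of the advisory or the kernel project: it flags "sleeping function called from invalid context" reports whose following call-trace lines mention lpg. The sample log, its symbol names and the 40-line trace window are constructed assumptions.

```shell
#!/bin/sh
# Added example: correlate "sleeping in atomic" kernel reports with the LPG driver.
# Usage: dmesg | lpg_atomic_splats      or      lpg_atomic_splats /var/log/kern.log

lpg_atomic_splats() {
    # Prints one line per matching report; returns 0 if any matched, 1 otherwise.
    awk '
        # Start of a new report: remember the header and open a trace window.
        /BUG: sleeping function called from invalid context/ {
            header = $0; window = 40; hit = 0; next   # 40 lines is an assumed trace depth
        }
        # Inside the window, the first line mentioning "lpg" marks the report.
        # This is a heuristic substring match, so review each hit by hand.
        window > 0 {
            window--
            if (!hit && tolower($0) ~ /lpg/) {
                hit = 1; found++
                print "LPG-related report: " header " | frame: " $0
            }
        }
        END { exit (found > 0 ? 0 : 1) }
    ' "$@"
}

# Constructed sample log (not captured from a real system; offsets, line numbers
# and symbol names are illustrative). The first report touches the LPG driver,
# the second does not and must be ignored.
sample_kernel_log() {
    cat <<'EOF'
[   12.345678] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[   12.345690] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/0
[   12.345701] Call trace:
[   12.345712]  mutex_lock+0x0/0x0
[   12.345723]  lpg_brightness_set+0x0/0x0
[   12.345734]  led_set_brightness_nosleep+0x0/0x0
[   13.000000] BUG: sleeping function called from invalid context at mm/example.c:1
[   13.000010] Call trace:
[   13.000020]  other_driver_write+0x0/0x0
EOF
}

# Demonstration on the constructed sample; prints exactly one matching report.
sample_kernel_log | lpg_atomic_splats
```

A non-zero exit status means no LPG-related report was found in the input, which makes the function usable in a cron job or health check.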
