CVE-2022-50383
📋 TL;DR
A NULL pointer dereference vulnerability in the MediaTek vcodec driver of the Linux kernel can cause kernel crashes when video decoding errors occur. This affects systems using MediaTek hardware video decoding with the affected driver. The vulnerability leads to denial of service but not arbitrary code execution.
💻 Affected Systems
- Linux kernel with MediaTek vcodec driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System crash/kernel panic leading to complete denial of service, requiring physical or remote console access to reboot.
Likely Case
Application crash or system instability when processing malformed video content with MediaTek hardware decoding.
If Mitigated
Minor performance impact from using software decoding fallback or avoiding affected hardware features.
🎯 Exploit Status
Requires ability to trigger video decoding errors on affected hardware. Likely requires local access or ability to feed malformed video to decoding applications.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 3568ecd3f3a6d133ab7feffbba34955c8c79bbc4, 66d26ed30056e7d2da3e9c14125ffe6049a4f907, or eeb090420f3477eb5011586709409fc655c2b16c applied
Vendor Advisory: https://git.kernel.org/stable/c/3568ecd3f3a6d133ab7feffbba34955c8c79bbc4
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. For custom kernels: Apply the relevant git commits and rebuild kernel.
🔧 Temporary Workarounds
Disable hardware video decoding
Configure applications to use software video decoding instead of MediaTek hardware acceleration
Application-specific configuration varies. For media players, set decoding method to software.
🧯 If You Can't Patch
- Restrict video processing applications to trusted users only
- Monitor systems for kernel crashes related to video decoding and investigate sources
🔍 How to Verify
Check if Vulnerable:
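Check the kernel version and whether the MediaTek vcodec module is loaded: 'lsmod | grep "mtk[-_]vcodec"' and 'uname -r'. lsmod prints module names with underscores, so the pattern accepts both spellings.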
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel version includes the fix commits, or check whether the patch is applied in the kernel source
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- NULL pointer dereference errors in dmesg
- Video application crashes
Network Indicators:
- None - local vulnerability
SIEM Query:
Search for: 'kernel: BUG: unable to handle kernel NULL pointer dereference' AND ('mtk-vcodec' OR 'v4l2_m2m')
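The log indicators and SIEM query above can be applied to collected kernel logs with a small correlator that only reports a NULL dereference when the same oops report names the vcodec or mem2mem code. This is an added example, not code from the advisory or the kernel project. The function name, the sample log and its symbol names are constructed, and matching the shorter phrase "kernel NULL pointer dereference" (which also covers the arm64 wording) is a choice made here.

```python
import re

# Oops header: the x86 wording from the SIEM query and the arm64 wording
# ("Unable to handle kernel NULL pointer dereference ...") share this phrase.
OOPS_RE = re.compile(r"kernel NULL pointer dereference", re.I)
# Stack traces and lsmod use underscores, driver messages may use hyphens.
MARKER_RE = re.compile(r"mtk[-_]vcodec|v4l2_m2m", re.I)
END_RE = re.compile(r"---\[ end trace")

def find_vcodec_oopses(lines, window=60):
    """Return (line_number, sorted markers) for each NULL-deref oops whose
    report mentions the MediaTek vcodec or V4L2 mem2mem code."""
    hits = []
    i = 0
    while i < len(lines):
        if not OOPS_RE.search(lines[i]):
            i += 1
            continue
        start, markers = i, set()
        i += 1
        # Walk this oops: stop at end-trace, the next oops, or `window` lines.
        while i < len(lines) and i - start <= window:
            if OOPS_RE.search(lines[i]):
                break
            markers.update(m.lower().replace("-", "_")
                           for m in MARKER_RE.findall(lines[i]))
            if END_RE.search(lines[i]):
                i += 1
                break
            i += 1
        if markers:
            hits.append((start + 1, sorted(markers)))
    return hits

# Constructed sample log (symbol names are illustrative, not from a real crash).
SAMPLE = """\
kernel: mtk-vcodec-dec 16000000.vcodec: decode error
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
kernel: Modules linked in: mtk_vcodec_dec v4l2_mem2mem
kernel:  example_decode_worker+0x1c/0x40 [mtk_vcodec_dec]
kernel: ---[ end trace 0000000000000000 ]---
kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
kernel:  example_other_fn+0x8/0x20 [example_other_driver]
kernel: ---[ end trace 0000000000000000 ]---
kernel: v4l2_m2m: unrelated informational message
""".splitlines()

if __name__ == "__main__":
    for line_no, markers in find_vcodec_oopses(SAMPLE):
        print(f"line {line_no}: NULL dereference involving {', '.join(markers)}")
```

Only the first oops in the sample is reported; the second oops belongs to another driver and the last line mentions v4l2_m2m outside any oops.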