CVE-2022-50384
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's VME subsystem driver (vme_tsi148). An attacker with local access could exploit this to cause kernel memory corruption, potentially leading to privilege escalation or system crashes. Systems running vulnerable Linux kernel versions with the VME subsystem enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, complete system compromise, or persistent denial of service through kernel panic.
Likely Case
Local privilege escalation to root or kernel crash/panic causing system instability.
If Mitigated
Limited to denial of service if exploit fails or system has additional hardening like kernel address space layout randomization (KASLR).
🎯 Exploit Status
Requires local access and knowledge of kernel exploitation techniques. The VME subsystem is niche, reducing attack surface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 1f5661388f43df3ac106ce93e67d8d22b16a78ff and related
Vendor Advisory: https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable VME subsystem
linuxRemove or disable the vulnerable kernel module if not needed
sudo rmmod vme_tsi148
sudo modprobe -r vme_tsi148
Add 'blacklist vme_tsi148' to /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable the VME subsystem entirely if not required for system functionality.
- Implement strict access controls to limit local user privileges and monitor for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check if VME subsystem is loaded: lsmod | grep vme_tsi148. If loaded and kernel version is before fix commits, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is after fix commits and VME module is either not loaded or updated.📡 Detection & Monitoring
Log Indicators:
- Kernel oops/panic messages in /var/log/kern.log or dmesg
- Unexpected crashes of VME-related processes
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for kernel panic events or module loading failures related to vme_tsi148🔗 References
- https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff
- https://git.kernel.org/stable/c/357057ee55d3c99a5de5abe8150f7bca04f8e53b
- https://git.kernel.org/stable/c/51c0ad3b7c5b01f9314758335a13f157b05fa56d
- https://git.kernel.org/stable/c/5cc4eea715a3fcf4e516662f736dfee63979465f
- https://git.kernel.org/stable/c/5d2b286eb034af114f67d9967fc3fbc1829bb712
- https://git.kernel.org/stable/c/85db68fc901da52314ded80aace99f8b684c7815
- https://git.kernel.org/stable/c/a45ba33d398a821147d7e5f16ead7eb125e331e2
- https://git.kernel.org/stable/c/cf138759a7e92c75cfc1b7ba705e4108fe330edf
- https://git.kernel.org/stable/c/e6b0adff99edf246ba1f8d464530a0438cb1cbda
