CVE-2022-50389
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's TPM CRB driver where the ACPI table for TPM2 devices isn't properly freed after initialization. This affects Linux systems using TPM2 hardware with the CRB interface. The vulnerability allows attackers to gradually exhaust kernel memory, potentially leading to system instability or denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion leading to system crashes, denial of service, or triggering other vulnerabilities due to memory pressure.
Likely Case
Gradual memory consumption over time causing system performance degradation, potential kernel panics if memory is severely constrained.
If Mitigated
Minimal impact with proper memory monitoring and resource limits in place.
🎯 Exploit Status
Exploitation requires local access and ability to trigger TPM operations repeatedly. The vulnerability is in driver initialization, so exploitation would require system restart or driver reload scenarios.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 08fd965521d0e172d540cf945517810895fcb199, 0bd9b4be721c776f77adcaf34105dfca3007ddb9, 1af2232b13837ce0f3a082b9f43735b09aafc367, 2fcd3dc8b97a14f1672729c86b7041a1a89b052a, 37e90c374dd11cf4919c51e847c6d6ced0abc555
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched versions.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable TPM CRB interface
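Linux: Prevent use of the vulnerable TPM CRB interface if TPM functionality is not required.
# Stop tpm_crb from being auto-loaded (only has an effect when the driver is a loadable module)
echo "blacklist tpm_crb" > /etc/modprobe.d/blacklist-tpm_crb.conf
# Rebuild the initramfs so the blacklist also applies in early boot (Debian/Ubuntu tool)
update-initramfs -u
reboot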
🧯 If You Can't Patch
- Implement strict memory monitoring and alerts for kernel memory usage
- Restrict local user access to systems with TPM2 hardware
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if TPM CRB module is loaded: lsmod | grep tpm_crb && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and check dmesg for TPM initialization without memory leak warnings
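The `lsmod | grep tpm_crb` check above finds the driver only when it is a loadable module, and the blacklist workaround has no effect on a kernel with the driver compiled in. The script below is an added example, not part of the original advisory, that separates the two cases. The function names `tpm_crb_state` and `blacklist_effective` are hypothetical, and it assumes the standard `/proc/modules` and `/lib/modules/<release>/modules.builtin` files.

```shell
#!/bin/sh
# Added example (not from the advisory): report how tpm_crb is present.
# File paths are arguments so the logic can run on constructed samples.

# tpm_crb_state PROC_MODULES MODULES_BUILTIN -> loaded | builtin | not-loaded
tpm_crb_state() {
    # /proc/modules: one loaded module per line, name in the first field.
    if [ -r "$1" ] && grep -q '^tpm_crb ' "$1"; then
        echo loaded
    # modules.builtin: paths of drivers compiled into the kernel image.
    elif [ -r "$2" ] && grep -q '/tpm_crb\.ko$' "$2"; then
        echo builtin
    else
        echo not-loaded
    fi
}

# blacklist_effective STATE -> yes | no
# A modprobe blacklist only stops loadable modules; built-in code still runs.
blacklist_effective() {
    case $1 in
        builtin) echo no ;;
        *) echo yes ;;
    esac
}

# Constructed sample data: a host with the driver built into the kernel.
sample_dir=$(mktemp -d)
printf 'tpm_tis 16384 0 - Live 0x0000000000000000\n' > "$sample_dir/proc_modules"
printf 'kernel/drivers/char/tpm/tpm_crb.ko\n' > "$sample_dir/modules.builtin"
sample_state=$(tpm_crb_state "$sample_dir/proc_modules" "$sample_dir/modules.builtin")
echo "sample host: tpm_crb=$sample_state blacklist_effective=$(blacklist_effective "$sample_state")"
rm -rf "$sample_dir"

# Same check against the running kernel.
live_state=$(tpm_crb_state /proc/modules "/lib/modules/$(uname -r)/modules.builtin")
echo "this host ($(uname -r)): tpm_crb=$live_state blacklist_effective=$(blacklist_effective "$live_state")"
```

A result of `builtin` means the blacklist file changes nothing on that host and the kernel update is the only fix.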
📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Increasing kernel memory usage over time
- TPM initialization failures
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("Out of memory" OR "kernel: Out of memory" OR "tpm_crb")
🔗 References
- https://git.kernel.org/stable/c/08fd965521d0e172d540cf945517810895fcb199
- https://git.kernel.org/stable/c/0bd9b4be721c776f77adcaf34105dfca3007ddb9
- https://git.kernel.org/stable/c/1af2232b13837ce0f3a082b9f43735b09aafc367
- https://git.kernel.org/stable/c/2fcd3dc8b97a14f1672729c86b7041a1a89b052a
- https://git.kernel.org/stable/c/37e90c374dd11cf4919c51e847c6d6ced0abc555
- https://git.kernel.org/stable/c/927860dfa161ae8392a264197257dbdc52b26b0f
- https://git.kernel.org/stable/c/986cd9a9b95423e35a2cbb8e9105aec0e0d7f337
- https://git.kernel.org/stable/c/b0785edaf649e5f04dc7f75533e810f4c00e4106