CVE-2022-50394
📋 TL;DR
This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's i2c subsystem, specifically in the ismt_access() function. Attackers with local access can trigger this vulnerability by providing specially crafted input to cause kernel memory corruption, potentially leading to system crashes or privilege escalation. This affects Linux systems using the Intel SMBus Message Transfer (iSMT) controller driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to root if attackers can control memory corruption to execute arbitrary code.
Likely Case
System crash or kernel panic causing denial of service, requiring system reboot.
If Mitigated
Minimal impact if proper input validation is implemented to prevent out-of-bounds access.
🎯 Exploit Status
The vulnerability requires local access to the i2c device interface. The log output shows 'ismt_poc' indicating proof-of-concept code exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 03b7ef7a6c5ca1ff553470166b4919db88b810f6 and related commits
Vendor Advisory: https://git.kernel.org/stable/c/03b7ef7a6c5ca1ff553470166b4919db88b810f6
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable i2c-ismt module
linuxPrevent loading of the vulnerable i2c-ismt driver module
echo 'blacklist i2c-ismt' >> /etc/modprobe.d/blacklist-ismt.conf
rmmod i2c_ismt
Restrict i2c device access
linuxChange permissions on i2c device nodes to restrict access
chmod 600 /dev/i2c-*
chown root:root /dev/i2c-*
🧯 If You Can't Patch
- Implement strict access controls on i2c device nodes (/dev/i2c-*)
- Monitor system logs for i2c access attempts and kernel panic events
🔍 How to Verify
Check if Vulnerable:
Check if i2c-ismt module is loaded: lsmod | grep ismt. Check kernel version against patched versions from your distribution.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version and i2c-ismt module functions normally without crashes.📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'BUG: KASAN: out-of-bounds in ismt_access'
- i2c device access logs with large block sizes
- System crashes or kernel panics related to i2c
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("ismt_access" OR "out-of-bounds" OR "KASAN")🔗 References
- https://git.kernel.org/stable/c/03b7ef7a6c5ca1ff553470166b4919db88b810f6
- https://git.kernel.org/stable/c/233348a04becf133283f0076e20b317302de21d9
- https://git.kernel.org/stable/c/39244cc754829bf707dccd12e2ce37510f5b1f8d
- https://git.kernel.org/stable/c/4a7bb1d93addb2f67e36fed00a53cb7f270d7b7a
- https://git.kernel.org/stable/c/96c12fd0ec74641295e1c3c34dea3dce1b6c3422
- https://git.kernel.org/stable/c/9ac541a0898e8ec187a3fa7024b9701cffae6bf2
- https://git.kernel.org/stable/c/a642469d464b2780a25a49b51ae56623c65eac34
- https://git.kernel.org/stable/c/bfe41d966c860a8ad4c735639d616da270c92735
- https://git.kernel.org/stable/c/cdcbae2c5003747ddfd14e29db9c1d5d7e7c44dd
