CVE-2022-50416
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's WPCM450 interrupt controller driver. When the of_iomap() function fails during device tree initialization, the allocated 'aic' structure isn't properly freed, causing a kernel memory leak. This affects systems using the WPCM450 interrupt controller, primarily embedded Linux devices.
💻 Affected Systems
- Linux kernel with WPCM450 interrupt controller support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Memory leak accumulates over time, gradually degrading system performance and potentially causing resource exhaustion in long-running systems.
If Mitigated
With proper monitoring and restart policies, impact is limited to potential performance degradation rather than complete system failure.
🎯 Exploit Status
Exploitation requires triggering the specific failure path in wpcm450_aic_of_init() function, which may require kernel-level access or specific hardware conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 4208d4faf36573a507b5e5de17abe342e9276759, 740efb64ca5e8f2b30ac843bc4ab07950479fed4, 773c9d7f127f7a599d42ceed831de69f5aa22f03, bcbcb396e1a8bd4dcaabfb0d5b98abae70880470
Vendor Advisory: https://git.kernel.org/stable/c/4208d4faf36573a507b5e5de17abe342e9276759
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor. 2. Reboot the system to load the new kernel. 3. Verify the fix by checking kernel version or monitoring for memory leaks.
🔧 Temporary Workarounds
Disable WPCM450 interrupt controller
LinuxPrevent loading of the vulnerable driver if WPCM450 hardware is not required
modprobe -r wpcm450-aic
echo 'blacklist wpcm450-aic' > /etc/modprobe.d/blacklist-wpcm450.conf
🧯 If You Can't Patch
- Implement system monitoring for memory leaks and kernel OOM events
- Schedule regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if wpcm450-aic kernel module is loaded: lsmod | grep wpcm450. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Monitor /proc/meminfo and kernel logs for memory leak indicators after driver initialization.📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages
- Memory allocation failures in kernel logs
- System instability or crash reports
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("out of memory" OR "memory allocation failure" OR "kernel panic")