CVE-2022-50420
📋 TL;DR
This CVE describes a resource leak vulnerability in the Linux kernel's hisilicon/hpre crypto driver. When the driver's remove process fails during qm sriov disable operations, it doesn't properly clean up allocated resources, potentially leading to memory leaks. This affects Linux systems using the hisilicon hardware crypto acceleration.
💻 Affected Systems
- Linux kernel with hisilicon/hpre crypto driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service conditions on affected systems.
Likely Case
Memory leaks accumulating over time, potentially degrading system performance or causing driver-related failures during device removal operations.
If Mitigated
Minimal impact with proper monitoring and timely patching; memory leaks would be contained and resolved through system reboots.
🎯 Exploit Status
Exploitation requires local access and ability to trigger driver removal operations; primarily a reliability issue rather than a security bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits: 2b3e3ecdb402, 45e6319bd5f2, 4e0de941d252, cb873c93a7ad
Vendor Advisory: https://git.kernel.org/stable/c/2b3e3ecdb402ff1053ee25b598ff21b9ddf4384f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version and driver functionality.
🔧 Temporary Workarounds
Disable hisilicon/hpre driver
linuxPrevent use of vulnerable driver by disabling or blacklisting it
echo 'blacklist hpre' >> /etc/modprobe.d/blacklist.conf
rmmod hpre
🧯 If You Can't Patch
- Monitor system memory usage and kernel logs for resource leak indicators
- Implement regular system reboots to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check if hpre module is loaded: lsmod | grep hpre; check kernel version against patched releasesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test driver removal functionality📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Memory allocation failures in dmesg
- Driver removal errors
Network Indicators:
- None - local kernel issue
SIEM Query:
source="kernel" AND ("hpre" OR "resource leak" OR "qm sriov")