CVE-2022-50433
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's EFI subsystem allows attackers to potentially execute arbitrary code or cause system crashes. This affects systems using ACPI tables loaded from EFI variables, primarily Linux servers and workstations with UEFI firmware. The vulnerability occurs when memory is incorrectly freed after successful ACPI table loading.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel privilege escalation leading to full system compromise, arbitrary code execution at kernel level, or persistent denial of service.
Likely Case
System instability, kernel panics, or crashes when specific ACPI operations are performed, potentially requiring physical access or specialized conditions to trigger.
If Mitigated
Limited impact with proper kernel hardening, SELinux/AppArmor, and restricted physical access to EFI variables.
🎯 Exploit Status
Exploitation requires local access and specific conditions to trigger the use-after-free. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 11497fd69cd2282538ec6eb4cda1d16fc061233d and 4b017e59f01097f19b938f6dc4dc2c4720701610
Vendor Advisory: https://git.kernel.org/stable/c/11497fd69cd2282538ec6eb4cda1d16fc061233d
Restart Required: Yes
Instructions:
1. Update to patched kernel version from your distribution vendor.
2. For RHEL/CentOS: yum update kernel
3. For Ubuntu/Debian: apt update && apt upgrade linux-image
4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable EFI variable loading for ACPI tables
Prevent ACPI tables from being loaded from EFI variables
echo 0 > /sys/firmware/efi/efivars/SSDT* 2>/dev/null || true
🧯 If You Can't Patch
- Restrict physical and local access to systems
- Implement strict SELinux/AppArmor policies to limit kernel module loading and ACPI operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it includes the vulnerable commit: uname -r && grep -q '3881ee0b1edc' /proc/version
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is newer than patched versions and check for absence of vulnerable commit: uname -r && ! grep -q '3881ee0b1edc' /proc/version
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages related to ACPI
- KASAN reports of use-after-free in efi/ssdt
- System crashes during ACPI operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("ACPI" OR "efi" OR "KASAN") AND ("panic" OR "crash" OR "use-after-free")
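The exposure check and the log indicators above can be combined into one local triage script. This is an added example, not part of the original advisory. It assumes that `efivar_ssdt=` is the kernel boot parameter that enables loading an SSDT from an EFI variable (the advisory does not name it), and its command line and log lines are constructed samples.

```sh
#!/bin/sh
# Added example: exposure and log triage for the EFI SSDT use-after-free.
# Assumption: efivar_ssdt= is the kernel boot parameter that names the EFI
# variable to load an SSDT from; the advisory itself does not name it.

# Print the variable name passed via efivar_ssdt= on a kernel command line.
# Exit status 1: parameter absent or empty, so no SSDT is loaded from EFI
# variables at boot and the affected code path is not exercised.
efivar_ssdt_name() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' |
        sed -n 's/^efivar_ssdt=\(..*\)$/\1/p' | head -n 1 | grep .
}

# Filter stdin with the logic of the SIEM query:
# (ACPI OR efi OR KASAN) AND (panic OR crash OR use-after-free),
# approximated as case-insensitive substring matching.
match_indicators() {
    grep -Ei 'acpi|efi|kasan' | grep -Ei 'panic|crash|use-after-free'
}

# Constructed sample input, not captured from a real system.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet efivar_ssdt=dbg_ssdt'
SAMPLE_LOG='kernel: ACPI: bus type PCI registered
kernel: BUG: KASAN: use-after-free in efi ssdt load (constructed line)
kernel: usb 1-1: new high-speed USB device
kernel: Kernel panic - not syncing: ACPI table handling (constructed line)'

if name=$(efivar_ssdt_name "$SAMPLE_CMDLINE"); then
    echo "efivar_ssdt is set (variable: $name): SSDT-from-EFI loading is in use"
else
    echo "efivar_ssdt is not set: SSDT-from-EFI loading is not exercised"
fi

echo "Log lines matching the indicator query:"
printf '%s\n' "$SAMPLE_LOG" | match_indicators || echo "(none)"
```

On a live host, pass the contents of /proc/cmdline to efivar_ssdt_name and pipe dmesg or journalctl -k output into match_indicators.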