CVE-2022-50463
📋 TL;DR
This CVE describes a resource leak vulnerability in the Linux kernel's powerpc/52xx subsystem where the mpc52xx_lpbfifo_probe() function fails to call free_irq() in its error handling path after a failed request_irq(). This creates a memory leak that could lead to system instability or denial of service. The vulnerability affects systems running Linux kernels with PowerPC 52xx architecture support.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could exhaust kernel memory resources, leading to system crashes, kernel panics, or denial of service conditions.
Likely Case
Memory leak accumulates over time during device initialization failures, potentially causing system instability or performance degradation.
If Mitigated
With proper kernel hardening and memory limits, impact is limited to potential service interruptions during device initialization failures.
🎯 Exploit Status
Exploitation requires local access and ability to trigger the specific error path in device initialization. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits (0accd460dc7bbe5f55e41a8867c63db9d07b3ec8 and related)
Vendor Advisory: https://git.kernel.org/stable/c/0accd460dc7bbe5f55e41a8867c63db9d07b3ec8
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version.
🔧 Temporary Workarounds
Disable affected module
Prevent loading of the vulnerable mpc52xx_lpbfifo module if not required
echo 'blacklist mpc52xx_lpbfifo' >> /etc/modprobe.d/blacklist.conf
rmmod mpc52xx_lpbfifo
🧯 If You Can't Patch
- Restrict local user access to minimize potential exploitation
- Implement kernel memory monitoring and alerts for unusual memory consumption
🔍 How to Verify
Check if Vulnerable:
Check whether the system uses the PowerPC 52xx architecture and runs a vulnerable kernel version: run uname -a and check the reported architecture.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or is newer than vulnerable versions
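A local check for the conditions described above, as an added example (not part of the advisory or the kernel project): it reports whether the host is PowerPC, whether mpc52xx_lpbfifo is currently loaded, and whether the blacklist workaround is in place. The function name lpbfifo_exposure, its status strings and its three optional arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify local exposure to the mpc52xx_lpbfifo issue.
# All three inputs can be overridden so the logic can be run on constructed data.
MODULE=mpc52xx_lpbfifo

lpbfifo_exposure() {
    arch=${1:-$(uname -m)}
    modules_file=${2:-/proc/modules}
    modprobe_dir=${3:-/etc/modprobe.d}

    # The driver only exists on PowerPC builds (uname -m reports ppc, ppc64, ...).
    case "$arch" in
        ppc*) ;;
        *) echo "not-powerpc"; return 0 ;;
    esac

    # /proc/modules lists one loaded module per line, module name first.
    # A driver built into the kernel image does not appear in this file.
    if [ -r "$modules_file" ] && grep -q "^${MODULE} " "$modules_file"; then
        echo "loaded"; return 0
    fi

    # Look for the workaround line in any modprobe.d *.conf file.
    for f in "$modprobe_dir"/*.conf; do
        [ -r "$f" ] || continue
        if grep -Eq "^[[:space:]]*blacklist[[:space:]]+${MODULE}([[:space:]]|\$)" "$f"; then
            echo "blacklisted"; return 0
        fi
    done

    echo "not-loaded"
}

# With no arguments the function inspects the running host.
lpbfifo_exposure
```

A `blacklist` entry only stops automatic loading through module aliases; an explicit modprobe of the module name still loads it, so "blacklisted" does not replace installing a fixed kernel.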
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- Memory allocation failures in kernel logs
- Device initialization failure logs for mpc52xx devices
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("mpc52xx" OR "lpbfifo" OR "request_irq failed")
🔗 References
- https://git.kernel.org/stable/c/0accd460dc7bbe5f55e41a8867c63db9d07b3ec8
- https://git.kernel.org/stable/c/40b4be399e0db7073dec5a0de5ca9994f7e31e58
- https://git.kernel.org/stable/c/5836947613ef33d311b4eff6a32d019580a214f5
- https://git.kernel.org/stable/c/9bf842ffdd216b9f94d5b051b5d8b815f2426538
- https://git.kernel.org/stable/c/be9caf2c936f15a9c3f9111e62bdde6357312f90
- https://git.kernel.org/stable/c/cbda93665a3857324f5c79e45769a83c78183199
- https://git.kernel.org/stable/c/e4002f293e5b44e57d2930513cca0dff32249812
- https://git.kernel.org/stable/c/f4ad0a7f0e78d65d38921ab2bef234e49be78b10
- https://git.kernel.org/stable/c/fb3ef6a5af4b003502c940ea50c0f55b06ebbfc9