CVE-2022-50467
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's lpfc SCSI driver allows local attackers to cause a kernel panic (denial of service) by triggering an error condition during Fibre Channel discovery. This affects systems using the lpfc driver for Emulex Fibre Channel host bus adapters. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux kernel with lpfc driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local attacker causes kernel panic leading to system crash and denial of service, potentially requiring physical reboot.
Likely Case
Local user or process triggers kernel panic through abnormal Fibre Channel operations, causing temporary service disruption.
If Mitigated
With proper access controls limiting local user privileges, impact is minimal as only authorized users could trigger the condition.
🎯 Exploit Status
Requires local access and ability to trigger specific error conditions in Fibre Channel discovery. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 04e7cd8c85636a329d1a6e5a269a7c8b6f71c41c, 59b7e210a522b836a01516c71ee85d1d92c1f075, 82dc1fe4324e2c897f2ed1c66f4fcff03094ac3a
Vendor Advisory: https://git.kernel.org/stable/c/04e7cd8c85636a329d1a6e5a269a7c8b6f71c41c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Unload lpfc driver
linuxRemove the vulnerable driver if Fibre Channel functionality is not required
modprobe -r lpfc
Blacklist lpfc driver
linuxPrevent lpfc driver from loading at boot
echo 'blacklist lpfc' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems with Emulex HBAs
- Monitor for kernel panic events and investigate root causes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if lpfc module is loaded: lsmod | grep lpfc && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and lpfc module version is updated📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- lpfc driver error messages
Network Indicators:
- Unexpected Fibre Channel disconnections or errors
SIEM Query:
search 'kernel panic' OR 'lpfc' AND 'null pointer' OR 'dereference'