CVE-2022-50474
📋 TL;DR
This is a memory leak vulnerability in the Linux kernel's macintosh subsystem. When device registration fails in macio_add_one_device(), dynamically allocated device names aren't properly freed, leading to gradual memory exhaustion. This affects systems using PowerPC-based Apple hardware with Linux kernels containing the vulnerable code.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service requiring reboot.
Likely Case
Gradual memory consumption over time causing performance degradation, potentially leading to system instability if triggered repeatedly.
If Mitigated
Minimal impact with proper monitoring and memory limits in place; system remains functional but may experience performance issues.
🎯 Exploit Status
Exploitation requires triggering device registration failures in the macio subsystem, which typically requires local access or specific hardware conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 19ded60b40e86b0903c8d5bd0161437ed5107a8b or later
Vendor Advisory: https://git.kernel.org/stable/c/19ded60b40e86b0903c8d5bd0161437ed5107a8b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply commit 19ded60b40e86b0903c8d5bd0161437ed5107a8b. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable macintosh subsystem
linuxRemove macintosh device support if not needed on PowerPC Apple hardware
echo "blacklist macintosh" >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
🧯 If You Can't Patch
- Implement memory usage monitoring and alerts for kernel memory exhaustion
- Restrict local user access to systems running vulnerable kernels
🔍 How to Verify
Check if Vulnerable:
Check kernel version and CONFIG_PPC_PMAC setting: uname -r && grep CONFIG_PPC_PMAC /boot/config-$(uname -r)Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched: uname -r should be newer than vulnerable versions with the fix backported📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings in dmesg
- Repeated device registration failures
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "macio" AND "failed")🔗 References
- https://git.kernel.org/stable/c/19ded60b40e86b0903c8d5bd0161437ed5107a8b
- https://git.kernel.org/stable/c/2ac0a7059b7bcbed35bfffa34a82c9a9e99638ef
- https://git.kernel.org/stable/c/35858b87a943917fa30172aa4bf01ce7adbcb42c
- https://git.kernel.org/stable/c/3a866ff6fc2232c8e393cdb55ffb8ce947349e03
- https://git.kernel.org/stable/c/5ca86eae55a2f006e6c1edd2029b2cacb6979515
- https://git.kernel.org/stable/c/76837e7f6b30da72ad59f56291e22804a219e015
- https://git.kernel.org/stable/c/aa9054267366ff0a382d403d17728e21951ddbb9
- https://git.kernel.org/stable/c/b29a2f1dd33ae9b94821ab2f4d398b9081786748
- https://git.kernel.org/stable/c/ca765257feb89dacf604ced9cd233db5f865dee0
