CVE-2022-50525

5.5 MEDIUM

📋 TL;DR

A resource leak vulnerability in the Linux kernel's Freescale PAMU (Peripheral Access Management Unit) IOMMU driver allows local attackers to cause denial of service through memory exhaustion. The vulnerability occurs when the fsl_pamu_probe() function fails to properly clean up IRQ and memory allocations if create_csd() fails during initialization. This affects systems using the affected Linux kernel versions with Freescale PAMU hardware.
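The error-path pattern described above, as an added example: a user-space model, not the kernel driver's code. The helpers get_irq, get_mem and create_csd_model are hypothetical stand-ins for the IRQ request, the memory allocation and the create_csd() step; the model compares a probe routine that returns early on a late failure with one that unwinds in reverse order.

```c
/* User-space model of a probe() error path; NOT the kernel driver's code.
 * get_irq/get_mem/create_csd_model are hypothetical stand-ins. */
#include <stdio.h>

static int irqs_held, bufs_held;            /* live-resource counters */

static int  get_irq(void) { irqs_held++; return 0; }
static void put_irq(void) { irqs_held--; }
static int  get_mem(void) { bufs_held++; return 0; }
static void put_mem(void) { bufs_held--; }
/* Stand-in for the late initialization step; fails on demand. */
static int  create_csd_model(int fail) { return fail ? -1 : 0; }

/* Leaky shape: a late failure returns without releasing earlier resources. */
static int probe_leaky(int fail)
{
    if (get_irq()) return -1;
    if (get_mem()) return -1;
    if (create_csd_model(fail))
        return -1;                          /* IRQ and buffer stay held */
    return 0;
}

/* Fixed shape: unwind in reverse order of acquisition. */
static int probe_fixed(int fail)
{
    int ret = get_irq();
    if (ret) return ret;
    ret = get_mem();
    if (ret) goto err_irq;
    ret = create_csd_model(fail);
    if (ret) goto err_mem;
    return 0;
err_mem:
    put_mem();
err_irq:
    put_irq();
    return ret;
}

/* Resources still held after n failed probe attempts. */
static int leaked_after(int (*probe)(int), int n)
{
    irqs_held = bufs_held = 0;
    for (int i = 0; i < n; i++)
        probe(1);
    return irqs_held + bufs_held;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(probe_leaky, 3), leaked_after(probe_fixed, 3)); return 0; }
```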

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Freescale PAMU hardware support enabled in kernel configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker causes kernel memory exhaustion leading to system crash or instability, potentially enabling denial of service attacks.

🟠 Likely Case

System instability or crash when the driver initialization fails, requiring reboot to restore functionality.

🟢 If Mitigated

Minimal impact with proper kernel hardening and resource limits in place.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the resource leak, potentially affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger driver initialization failure conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes (see references)

Vendor Advisory: https://git.kernel.org/stable/c/73f5fc5f884ad0c5f7d57f66303af64f9f002526

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Rebuild kernel if compiling from source.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Freescale PAMU support (Linux)

Remove or disable the fsl_pamu driver module if not required:

modprobe -r fsl_pamu
echo 'blacklist fsl_pamu' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernel
  • Implement kernel hardening and resource limits to mitigate memory exhaustion impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if fsl_pamu module is loaded: 'uname -r' and 'lsmod | grep fsl_pamu'

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version is updated to a patched version and that the patch commit is included.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to fsl_pamu
  • Memory allocation failures in kernel logs
  • System instability after driver initialization

Network Indicators:

  • None - local vulnerability only

SIEM Query:

kernel:("fsl_pamu" OR "PAMU") AND ("panic" OR "oops" OR "memory allocation failure")

🔗 References
