CVE-2022-50540

5.5 MEDIUM

📋 TL;DR

A kernel panic vulnerability in the Linux kernel's QCOM ADM DMA driver allows denial-of-service attacks. It affects Linux systems that use the Qualcomm ADM DMA controller driver and stems from an incorrect pointer-size comparison that causes the CRCI value to be ignored. The result can be a kernel crash when specific DMA operations are performed.

💻 Affected Systems

Products:
  • Linux kernel with QCOM ADM DMA driver
Versions: Linux kernel versions containing the vulnerable code (specific version range not specified in CVE, but patches available in stable branches)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm ADM DMA hardware and when the driver is loaded/used. Embedded systems and mobile devices with Qualcomm chips are most likely affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and denial of service, requiring physical or remote reboot to restore functionality.

🟠

Likely Case

System instability or crashes when DMA operations are performed with affected hardware, causing service disruption.

🟢

If Mitigated

Minimal impact if systems don't use the affected QCOM ADM DMA driver or have the patch applied.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific DMA operations, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with appropriate permissions could trigger kernel panic, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger DMA operations through the affected driver, typically requiring local access and appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in Linux kernel stable releases (commits: 7490274b41a4, 7c8765308371, f1dd45a6585a)

Vendor Advisory: https://git.kernel.org/stable/c/7490274b41a432824f7df5071ace3df2ab59caa7

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official kernel.org or distribution repositories.
2. Rebuild kernel if compiling from source.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable QCOM ADM DMA driver

linux

Prevent loading of the vulnerable driver module if not required

echo 'blacklist qcom_adm' >> /etc/modprobe.d/blacklist.conf
rmmod qcom_adm

🧯 If You Can't Patch

  • Restrict local user access to systems using the affected driver
  • Monitor system logs for kernel panic events and implement high availability solutions

🔍 How to Verify

Check if Vulnerable:

Check whether the QCOM ADM driver is loaded with lsmod | grep qcom_adm, and compare the running kernel version against the patched releases.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and test DMA operations with affected hardware
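The lsmod check above only sees loadable modules, and the blacklist/rmmod workaround only works for them. The script below is an added example, not part of the original advisory: it classifies the driver as loaded, built in, or not loaded. The function names and the modules.builtin path used in the demo are assumptions.

```shell
#!/bin/sh
# Added example: classify how the qcom_adm driver is present on a host.
# Inputs are file paths so the logic can also be run on saved copies.

# adm_driver_state MODULES_FILE BUILTIN_FILE
#   MODULES_FILE: /proc/modules format (module name is the first field)
#   BUILTIN_FILE: modules.builtin format (one .ko path per line)
# Prints one of: loaded | builtin | not_loaded
adm_driver_state() {
    if [ -r "$1" ] && awk '$1 == "qcom_adm" { f = 1 } END { exit !f }' "$1"; then
        echo loaded
    elif [ -r "$2" ] && grep -Eq '(^|/)qcom[_-]adm\.ko$' "$2"; then
        echo builtin
    else
        echo not_loaded
    fi
}

# adm_advice STATE: says whether the blacklist/rmmod workaround helps.
adm_advice() {
    case $1 in
        loaded)     echo "module loaded: blacklist + rmmod applies until patched" ;;
        builtin)    echo "built in: blacklist/rmmod has no effect, patched kernel required" ;;
        not_loaded) echo "not loaded now: blacklist prevents later loading" ;;
        *)          echo "unknown state"; return 1 ;;
    esac
}

case ${1:-} in
    --live)  # inspect the running system
        state=$(adm_driver_state /proc/modules \
            "/lib/modules/$(uname -r)/modules.builtin")
        echo "kernel $(uname -r): $(adm_advice "$state")" ;;
    --demo)  # constructed sample: driver compiled in, empty /proc/modules
        d=$(mktemp -d)
        : > "$d/modules"
        echo 'kernel/drivers/dma/qcom/qcom_adm.ko' > "$d/builtin"  # assumed path
        adm_advice "$(adm_driver_state "$d/modules" "$d/builtin")"
        rm -rf "$d" ;;
esac
```

Run it with --live on the host being assessed, or with --demo to see the built-in case on constructed input.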

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • System crash/reboot events
  • DMA operation failures

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND "panic" AND ("qcom_adm" OR "DMA")
