Cyber Posture

CVE-2022-49645

High

Published: 26 February 2025

Modified: 23 October 2025
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (22.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/panfrost: Fix shrinker list corruption by madvise IOCTL

Calling madvise IOCTL twice on BO causes memory shrinker list corruption and crashes kernel because BO is already on the list and it's added to the list again, while BO should be removed from the list before it's re-added. Fix it.

Security Summary

CVE-2022-49645 is a vulnerability in the Linux kernel's drm/panfrost driver, which handles graphics processing for Arm Mali GPUs. The issue arises when the madvise IOCTL is called twice on the same buffer object (BO), leading to corruption of the memory shrinker list. Specifically, the BO is added to the list a second time without first being removed, resulting in kernel instability. This flaw is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by invoking the madvise IOCTL twice on a targeted BO. This triggers the list corruption, potentially causing a kernel crash and enabling high-impact effects on confidentiality, integrity, and availability, such as denial of service or further memory corruption that could facilitate privilege escalation.

Mitigation requires applying the relevant upstream patches from the Linux kernel stable branches, as detailed in the following commit references:

https://git.kernel.org/stable/c/0581613df7f9a4c5fac096ce1d5fb15b7b994240
https://git.kernel.org/stable/c/1807d8867402a58b831a7fc16832747ff559a0d1
https://git.kernel.org/stable/c/393594aad55179eb761af41533d8d1d6eb4543b0
https://git.kernel.org/stable/c/9fc33eaaa979d112d10fea729edcd2a2e21aa912
https://git.kernel.org/stable/c/f036392edd9c49090781d8cca26ad6557a63bae4

Systems using the panfrost driver should update to a patched kernel version to prevent exploitation.
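The double-add described above can be shown in user space with a minimal list modeled on the kernel's struct list_head, next to the remove-before-re-add pattern the description calls for. This is an added illustration, not the panfrost driver's code or the upstream patch; struct bo, mark_buggy, mark_fixed, list_check and run_scenario are hypothetical names, and the scenario is constructed.

```c
#include <stdio.h>
/* Minimal circular doubly linked list, modeled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
struct bo { struct list_head node; }; /* hypothetical stand-in for a buffer object */
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next;
    n->next->prev = n->prev;
    list_init(n);
}

/* Flawed pattern: link the node again even if it is already on the list. */
static void mark_buggy(struct bo *b, struct list_head *lru) { list_add_tail(&b->node, lru); }
/* Corrected pattern: unlink first (harmless on an unlinked node), then re-add. */
static void mark_fixed(struct bo *b, struct list_head *lru) {
    list_del_init(&b->node);
    list_add_tail(&b->node, lru);
}

/* Entry count, or -1 if a next/prev pair disagrees or the walk passes limit. */
static int list_check(const struct list_head *head, int limit) {
    int n = 0;
    for (const struct list_head *cur = head; n <= limit; n++) {
        if (cur->next->prev != cur) return -1;
        cur = cur->next;
        if (cur == head) return n;
    }
    return -1;
}

/* Constructed scenario: two objects, then a second call on the first one. */
static int run_scenario(void (*mark)(struct bo *, struct list_head *)) {
    struct list_head shrinker;
    struct bo a, b;
    list_init(&shrinker); list_init(&a.node); list_init(&b.node);
    mark(&a, &shrinker); mark(&b, &shrinker);
    mark(&a, &shrinker); /* same object marked a second time */
    return list_check(&shrinker, 8);
}

int main(void) {
    printf("buggy=%d fixed=%d\n", run_scenario(mark_buggy), run_scenario(mark_fixed));
    return 0;
}
```

After the second add in the flawed variant, the list head still points forward to the first object while that object's back pointer references the second, which is the inconsistency a list walker or a later unlink trips over.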

Details

CWE(s)
CWE-787

Affected Products

linux
linux kernel
5.19 · 5.4 — 5.4.207 · 5.5 — 5.10.132 · 5.11 — 5.15.56
