CVE-2022-50525

MEDIUM
2025-10-07 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: Oct 07, 2025 - 16:15 (nvd), MEDIUM 5.5

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()

The fsl_pamu_probe() returns directly when create_csd() failed, leaving irq and memories unreleased. Fix by jumping to error if create_csd() returns error.

Analysis

A resource leak vulnerability exists in the Linux kernel's FSL PAMU (Freescale Peripheral Access Management Unit) IOMMU driver: fsl_pamu_probe() fails to release IRQ and memory resources when create_csd() returns an error, allowing a local privileged attacker to cause a denial of service through resource exhaustion. The vulnerability affects multiple Linux kernel versions across stable branches and has an EPSS score of 0.01% (percentile 2%), indicating low real-world exploitation probability despite the moderate CVSS 5.5 score. Patches are available from the Linux kernel maintainers across multiple stable branches.

Technical Context

The vulnerability exists in the Freescale PAMU IOMMU driver (iommu/fsl_pamu), which manages memory access control for peripheral devices on Freescale-based systems. The root cause is classified as CWE-401 (Missing Release of Memory after Effective Lifetime), a resource management defect in which allocated resources (IRQ handlers and memory regions) are not released on error handling paths. When create_csd() fails during device probing, the code returns directly without executing the cleanup code (likely devm_free_irq() and iounmap() calls) that would normally deallocate the IRQ and memory-mapped I/O regions. This is a common failure pattern in kernel drivers: an early return on an error path bypasses the resource cleanup that later exit paths perform. The affected products are Linux kernel versions across multiple stable series, as indicated by the CPE strings cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* repeated across multiple entries, suggesting the vulnerability affects a broad range of kernel versions.
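The error-path pattern described above, modelled in user space as an added example (not the kernel driver's code): acquire(), release(), create_csd_stub(), the resource names and the -12 error value are hypothetical stand-ins, and only the bare return versus the jump to the error label is taken from the description. It counts what stays allocated after repeated failing probe attempts.

```c
/* Added illustration: user-space model of a probe error path, not kernel code. */
#include <stdio.h>

enum res { REGS, IRQ, TABLES, NRES };   /* hypothetical resources a probe takes */
static int held[NRES];                  /* outstanding acquisitions per resource */

static void acquire(enum res r) { held[r]++; }
static void release(enum res r) { held[r]--; }
/* Stand-in for create_csd(): fails on demand with a constructed error code. */
static int create_csd_stub(int fail) { return fail ? -12 : 0; }

/* Before the fix: a bare return on failure skips the unwind code. */
static int probe_leaky(int csd_fails)
{
    int ret;
    acquire(REGS); acquire(IRQ); acquire(TABLES);
    ret = create_csd_stub(csd_fails);
    if (ret)
        return ret;                     /* regs, irq and tables stay held */
    return 0;
}

/* After the fix: the failure jumps to the shared error label. */
static int probe_fixed(int csd_fails)
{
    int ret;
    acquire(REGS); acquire(IRQ); acquire(TABLES);
    ret = create_csd_stub(csd_fails);
    if (ret)
        goto error;
    return 0;
error:
    release(TABLES); release(IRQ); release(REGS);   /* reverse order */
    return ret;
}

/* Run `attempts` failing probes and count resources never released. */
static int leaked_after(int (*probe)(int), int attempts)
{
    int i, total = 0;
    for (i = 0; i < NRES; i++) held[i] = 0;
    for (i = 0; i < attempts; i++) probe(1);
    for (i = 0; i < NRES; i++) total += held[i];
    return total;
}

int main(void)
{
    printf("leaky: %d held\n", leaked_after(probe_leaky, 4));
    printf("fixed: %d held\n", leaked_after(probe_fixed, 4));
    return 0;
}
```

In the model, each failed attempt through the leaky path leaves three acquisitions outstanding, which is how a leak on an error path turns into the resource exhaustion the analysis describes.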

Affected Products

The vulnerability affects Linux kernel versions across multiple stable branches, including kernels prior to specific patch versions in the 4.x, 5.x, and newer series. The CPE entries (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*) indicate broad version coverage without specific upper-bound versions listed, suggesting the vulnerability was fixed in incremental stable kernel updates. Patches are available in multiple kernel.org stable branches via commits 0d240ac0e4c3, 17fd440594961, 73f5fc5f884a, 9238b687fd62, 9fbccdf2fefa, a305d0e4d0ce, c9398323056288, de7eb5500979, and e42b543d08052 across different stable kernel versions. Systems using Freescale/NXP-based platforms with PAMU IOMMU hardware are specifically affected.

Remediation

Upgrade the Linux kernel to a patched version containing one of the available fixes from the kernel.org stable branches (commits referenced: 0d240ac0e4c35d3f64fc782c11433138c1bd016e, 17fd440594961c5e2ea0f58591bc1bdba0629c75, 73f5fc5f884ad0c5f7d57f66303af64f9f002526, 9238b687fd62cde14c6e2e8576a40e4246de7ebe, 9fbccdf2fefa3944dd8ba8c6a808b387787f3917, a305d0e4d0ce3166e31d7dbcb4c98b09cad6d49a, c9398323056288, de7eb55009796687fc0a1670e0b944fa8ed54e9b, or e42b543d08052c3b223bcfb48f05cbaf0b767f86). Check your current kernel version against the stable branch release notes at https://git.kernel.org/stable/ to identify the minimum fixed version for your branch. Because the vulnerability requires local privilege to trigger and affects only Freescale PAMU-equipped systems, standard security patching schedules are appropriate; emergency out-of-cycle patching is not warranted. No practical workarounds exist aside from upgrading the kernel, though restricting local user access on affected systems provides marginal mitigation.

Priority Score

28
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0
