CVE-2022-49645

Severity: High

Published: 26 February 2025
Modified: 23 October 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (25.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49645 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 25.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49645 is a vulnerability in the Linux kernel's drm/panfrost driver, which handles graphics processing for Arm Mali GPUs. The issue arises when the madvise IOCTL is called twice on the same buffer object (BO), leading to corruption of the memory shrinker list. Specifically, the BO is added to the list a second time without first being removed, resulting in kernel instability. This flaw is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
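
The double insertion described above can be reproduced with a userspace model of the kernel's circular list. This is an added example, not code from the panfrost driver or its patch; struct bo, double_madvise_count and the fixed flag are hypothetical names, and the unlink-before-add branch models the fix only as the vulnerability description states it.

```c
#include <stdio.h>

/* Userspace model of the kernel's circular list; struct bo is a hypothetical stand-in. */
struct list_head { struct list_head *next, *prev; };
struct bo { struct list_head madv_list; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Model of list_add_tail(): link n in front of head, i.e. at the tail. */
static void list_add_tail(struct list_head *n, struct list_head *head) {
    struct list_head *prev = head->prev;
    head->prev = n;
    n->next = head;
    n->prev = prev;
    prev->next = n;   /* if n is already the tail, this sets n->next = n */
}

/* Unlink n and leave it self-linked, so unlinking it again is harmless. */
static void list_del_init(struct list_head *n) {
    n->next->prev = n->prev;
    n->prev->next = n->next;
    list_init(n);
}

/* Forward walk: node count, or -1 if head is not reached again within limit steps. */
static int list_count(const struct list_head *head, int limit) {
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next)
        if (++n > limit)
            return -1;
    return n;
}

/* Put one BO on the shrinker list twice; fixed != 0 unlinks it before each add. */
int double_madvise_count(int fixed) {
    struct list_head shrinker;
    struct bo bo;
    list_init(&shrinker);
    list_init(&bo.madv_list);
    for (int call = 0; call < 2; call++) {
        if (fixed)
            list_del_init(&bo.madv_list);
        list_add_tail(&bo.madv_list, &shrinker);
    }
    return list_count(&shrinker, 8);
}

int main(void) {
    printf("unfixed=%d fixed=%d\n", double_madvise_count(0), double_madvise_count(1));
    return 0;
}
```

In the unfixed case the node ends up pointing at itself, so a walk of the list never returns to the head. Kernels built with CONFIG_DEBUG_LIST check for this condition and report it as a list_add double add.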

A local attacker with low privileges can exploit this vulnerability by invoking the madvise IOCTL twice on a targeted BO. This triggers the list corruption, potentially causing a kernel crash and enabling high-impact effects on confidentiality, integrity, and availability, such as denial of service or further memory corruption that could facilitate privilege escalation.

Mitigation requires applying the relevant upstream patches from the Linux kernel stable branches, as detailed in the following commit references:

https://git.kernel.org/stable/c/0581613df7f9a4c5fac096ce1d5fb15b7b994240
https://git.kernel.org/stable/c/1807d8867402a58b831a7fc16832747ff559a0d1
https://git.kernel.org/stable/c/393594aad55179eb761af41533d8d1d6eb4543b0
https://git.kernel.org/stable/c/9fc33eaaa979d112d10fea729edcd2a2e21aa912
https://git.kernel.org/stable/c/f036392edd9c49090781d8cca26ad6557a63bae4

Systems using the panfrost driver should update to a patched kernel version to prevent exploitation.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

drm/panfrost: Fix shrinker list corruption by madvise IOCTL

Calling madvise IOCTL twice on BO causes memory shrinker list corruption and crashes kernel because BO is already on the list and it's added to the list again, while BO should be removed from the list before it's re-added. Fix it.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Local kernel memory corruption via madvise IOCTL directly enables privilege escalation (T1068) and endpoint DoS through system exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47640 · Same product: Linux kernel
CVE-2026-23194 · Same product: Linux kernel
CVE-2026-31505 · Same product: Linux kernel
CVE-2026-23323 · Same product: Linux kernel
CVE-2026-23422 · Same product: Linux kernel
CVE-2022-49722 · Same product: Linux kernel
CVE-2026-31698 · Same product: Linux kernel
CVE-2025-71137 · Same product: Linux kernel
CVE-2026-31772 · Same product: Linux kernel
CVE-2022-49612 · Same product: Linux kernel

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions:
5.19 · 5.4 — 5.4.207 · 5.5 — 5.10.132 · 5.11 — 5.15.56

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mandates timely identification, reporting, and patching of kernel flaws like CVE-2022-49645 in the panfrost driver to prevent madvise IOCTL-induced list corruption.

prevent: Enables vulnerability scanning to detect unpatched instances of CVE-2022-49645 in Linux kernels using the panfrost driver, facilitating proactive remediation.

detect: Supports monitoring for kernel crashes or anomalies resulting from memory shrinker list corruption exploited via repeated madvise IOCTL calls on buffer objects.
