CVE-2022-50570

Vulnerability

The Linux kernel's platform/chrome driver contains a memory corruption vulnerability in its ioctl handler. The root cause is the failure to validate the s_mem.bytes field against the size of the allocated buffer. If a user provides a value larger than the buffer, it results in memory corruption [1][2].

Exploitation

Exploitation requires local access to the affected device and the ability to issue ioctl calls to the platform/chrome driver. No special privileges are necessary if the device file is accessible. An attacker can craft an ioctl command with an oversized s_mem.bytes value to trigger an out-of-bounds write or read, corrupting kernel memory.

Impact

Memory corruption in the kernel can lead to system crashes (denial of service) or, potentially, privilege escalation if an attacker can control the corrupted memory to achieve arbitrary code execution [Description].

Mitigation

The vulnerability has been patched in the Linux kernel stable tree via commits [1] and [2]. Users should update their kernel to a version containing these fixes. There is no known workaround short of applying the patch.