CVE-2022-48995: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() There is a kmemleak when test the raydium_i2c_ts with bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8): comm "python3", pid 349, jiffies 4294741067 (age 95.695s) hex dump (first 8 bytes): 11 0e 10 c0 01 00 04 00 ........ backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 unreferenced object 0xffff88812d3675c8 (size 8): comm "python3", pid 349, jiffies 4294741070 (age 95.692s) hex dump (first 8 bytes): 22 00 36 2d 81 88 ff ff ".6-.... backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 After BANK_SWITCH command from i2c BUS, no matter success or error happened, the tx_buf should be freed.
AI Analysis
Technical Summary
CVE-2022-48995 is a vulnerability identified in the Linux kernel specifically related to the raydium_ts_i2c driver, which handles I2C communication for Raydium touchscreen devices. The issue is a memory leak occurring in the raydium_i2c_send() function. The vulnerability manifests as a failure to free allocated memory buffers (tx_buf) after the BANK_SWITCH command on the I2C bus, regardless of whether the command succeeds or fails. This results in unreferenced kernel memory objects accumulating over time, as demonstrated by kmemleak reports during testing with a BPF mock device. The backtrace shows that the leak occurs during the allocation (__kmalloc) and subsequent operations in raydium_i2c_send and related probe functions. The root cause is the missing free operation for the tx_buf after the BANK_SWITCH command, which leads to kernel memory not being released properly. While this is not a direct code execution or privilege escalation vulnerability, the memory leak can degrade system stability and reliability, potentially leading to denial of service (DoS) conditions if exploited or triggered repeatedly. The vulnerability affects Linux kernel versions containing the raydium_i2c_ts driver code prior to the fix, which was published on October 21, 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-48995 primarily concerns systems running Linux kernels with the raydium_i2c_ts touchscreen driver enabled. This includes embedded devices, industrial control systems, and possibly some laptops or tablets using Raydium touchscreen hardware. The memory leak can cause gradual degradation of system performance and stability, potentially leading to kernel crashes or system reboots if the leak exhausts kernel memory. This could disrupt critical business operations, especially in sectors relying on embedded Linux devices such as manufacturing, healthcare, transportation, and telecommunications. Although the vulnerability does not directly allow code execution or privilege escalation, the resulting denial of service could be leveraged as part of a broader attack chain or cause operational downtime. European organizations with extensive Linux deployments in IoT or embedded environments should be aware of this risk. The lack of known exploits reduces immediate threat but patching remains important to maintain system integrity and availability.
Mitigation Recommendations
1. Apply the official Linux kernel patch that fixes the memory leak in the raydium_i2c_send() function as soon as it becomes available from trusted Linux kernel maintainers or distribution vendors. 2. For organizations using custom or embedded Linux builds, ensure the raydium_i2c_ts driver is updated and rebuilt with the fix included. 3. Monitor kernel memory usage and kmemleak reports on affected systems to detect abnormal memory consumption patterns that could indicate exploitation attempts or triggering of the leak. 4. Limit access to systems with vulnerable kernels, especially restricting unprivileged users from triggering I2C bus commands that could cause the leak. 5. Implement robust system monitoring and alerting to detect kernel instability or crashes that might result from memory exhaustion. 6. Coordinate with hardware vendors to confirm whether their devices use the raydium_i2c_ts driver and plan firmware or software updates accordingly. 7. Maintain up-to-date inventories of Linux kernel versions and drivers in use to quickly identify vulnerable systems.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
CVE-2022-48995: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() There is a kmemleak when test the raydium_i2c_ts with bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8): comm "python3", pid 349, jiffies 4294741067 (age 95.695s) hex dump (first 8 bytes): 11 0e 10 c0 01 00 04 00 ........ backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000006e631aee>] raydium_i2c_initialize.cold+0xbc/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 unreferenced object 0xffff88812d3675c8 (size 8): comm "python3", pid 349, jiffies 4294741070 (age 95.692s) hex dump (first 8 bytes): 22 00 36 2d 81 88 ff ff ".6-.... backtrace: [<0000000068427125>] __kmalloc+0x46/0x1b0 [<0000000090180f91>] raydium_i2c_send+0xd4/0x2bf [raydium_i2c_ts] [<000000001d5c9620>] raydium_i2c_initialize.cold+0x223/0x3e4 [raydium_i2c_ts] [<00000000dc6fcf38>] raydium_i2c_probe+0x3cd/0x6bc [raydium_i2c_ts] [<00000000a310de16>] i2c_device_probe+0x651/0x680 [<00000000f5a96bf3>] really_probe+0x17c/0x3f0 [<00000000096ba499>] __driver_probe_device+0xe3/0x170 [<00000000c5acb4d9>] driver_probe_device+0x49/0x120 [<00000000264fe082>] __device_attach_driver+0xf7/0x150 [<00000000f919423c>] bus_for_each_drv+0x114/0x180 [<00000000e067feca>] __device_attach+0x1e5/0x2d0 [<0000000054301fc2>] bus_probe_device+0x126/0x140 [<00000000aad93b22>] device_add+0x810/0x1130 [<00000000c086a53f>] i2c_new_client_device+0x352/0x4e0 [<000000003c2c248c>] of_i2c_register_device+0xf1/0x110 [<00000000ffec4177>] of_i2c_notify+0x100/0x160 After BANK_SWITCH command from i2c BUS, no matter success or error happened, the tx_buf should be freed.
AI-Powered Analysis
Technical Analysis
CVE-2022-48995 is a vulnerability identified in the Linux kernel specifically related to the raydium_ts_i2c driver, which handles I2C communication for Raydium touchscreen devices. The issue is a memory leak occurring in the raydium_i2c_send() function. The vulnerability manifests as a failure to free allocated memory buffers (tx_buf) after the BANK_SWITCH command on the I2C bus, regardless of whether the command succeeds or fails. This results in unreferenced kernel memory objects accumulating over time, as demonstrated by kmemleak reports during testing with a BPF mock device. The backtrace shows that the leak occurs during the allocation (__kmalloc) and subsequent operations in raydium_i2c_send and related probe functions. The root cause is the missing free operation for the tx_buf after the BANK_SWITCH command, which leads to kernel memory not being released properly. While this is not a direct code execution or privilege escalation vulnerability, the memory leak can degrade system stability and reliability, potentially leading to denial of service (DoS) conditions if exploited or triggered repeatedly. The vulnerability affects Linux kernel versions containing the raydium_i2c_ts driver code prior to the fix, which was published on October 21, 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2022-48995 primarily concerns systems running Linux kernels with the raydium_i2c_ts touchscreen driver enabled. This includes embedded devices, industrial control systems, and possibly some laptops or tablets using Raydium touchscreen hardware. The memory leak can cause gradual degradation of system performance and stability, potentially leading to kernel crashes or system reboots if the leak exhausts kernel memory. This could disrupt critical business operations, especially in sectors relying on embedded Linux devices such as manufacturing, healthcare, transportation, and telecommunications. Although the vulnerability does not directly allow code execution or privilege escalation, the resulting denial of service could be leveraged as part of a broader attack chain or cause operational downtime. European organizations with extensive Linux deployments in IoT or embedded environments should be aware of this risk. The lack of known exploits reduces immediate threat but patching remains important to maintain system integrity and availability.
Mitigation Recommendations
1. Apply the official Linux kernel patch that fixes the memory leak in the raydium_i2c_send() function as soon as it becomes available from trusted Linux kernel maintainers or distribution vendors. 2. For organizations using custom or embedded Linux builds, ensure the raydium_i2c_ts driver is updated and rebuilt with the fix included. 3. Monitor kernel memory usage and kmemleak reports on affected systems to detect abnormal memory consumption patterns that could indicate exploitation attempts or triggering of the leak. 4. Limit access to systems with vulnerable kernels, especially restricting unprivileged users from triggering I2C bus commands that could cause the leak. 5. Implement robust system monitoring and alerting to detect kernel instability or crashes that might result from memory exhaustion. 6. Coordinate with hardware vendors to confirm whether their devices use the raydium_i2c_ts driver and plan firmware or software updates accordingly. 7. Maintain up-to-date inventories of Linux kernel versions and drivers in use to quickly identify vulnerable systems.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-08-22T01:27:53.637Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982fc4522896dcbe6862
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 12:56:38 AM
Last updated: 8/13/2025, 8:29:41 AM
Views: 8
Related Threats
CVE-2025-5296: CWE-59 Improper Link Resolution Before File Access ('Link Following') in Schneider Electric SESU
HighCVE-2025-6625: CWE-20 Improper Input Validation in Schneider Electric Modicon M340
HighCVE-2025-57703: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumCVE-2025-57702: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumCVE-2025-57701: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.