CVE-2022-49029: Vulnerability in Linux Linux

High
Published: Mon Oct 21 2024 (10/21/2024, 20:06:33 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Smatch reports a warning as follows:

drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list

If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF.

Fix by removing it from driver_data.bmc_data before free().

AI-Powered Analysis

Last updated: 07/01/2025, 01:28:27 UTC

Technical Analysis

CVE-2022-49029 is a use-after-free (UAF) vulnerability identified in the Linux kernel's hardware monitoring (hwmon) subsystem, specifically within the ibmpex driver. The vulnerability arises in the function ibmpex_register_bmc(), which is responsible for registering Baseboard Management Controller (BMC) sensors. If the function ibmpex_find_sensors() fails during this registration process, the allocated data structure is freed, but a linked list node (data->list) is not properly removed from the driver_data.bmc_data list. This improper cleanup leads to a dangling pointer in the list, which can cause a use-after-free condition when the list is later traversed. Such UAF vulnerabilities can lead to undefined behavior including kernel crashes, memory corruption, or potentially privilege escalation if exploited. The root cause is a missing removal of the list element before freeing the associated memory. The fix involves ensuring that data->list is removed from the linked list before the data structure is freed, preventing the UAF scenario. This vulnerability affects specific Linux kernel versions identified by the commit hash 57c7c3a0fdea95eddcaeba31e7ca7dfc917682ab and likely related kernel releases around that commit. There are no known exploits in the wild as of the publication date, and no CVSS score has been assigned yet. The vulnerability was publicly disclosed on October 21, 2024.
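The error path described above, modelled in userspace C as an added example (not the driver's source and not code from this page). The names register_bmc, scan_fails, fixed, bmc_data and the live flag are hypothetical; list_head is a minimal stand-in for the kernel type.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal userspace stand-in for the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}
static void list_del(struct list_head *n) { n->prev->next = n->next; n->next->prev = n->prev; }

/* Constructed model: 'live' marks freed objects; memory is kept so a stale node can be read safely. */
struct bmc_data { struct list_head list; int live; };

/* fixed == 0: error path frees without unlinking (the reported bug).
 * fixed == 1: error path unlinks before freeing (the fix described above). */
static int register_bmc(struct list_head *bmcs, int scan_fails, int fixed) {
    struct bmc_data *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    d->live = 1;
    list_add(&d->list, bmcs);          /* node is linked before the sensor scan */
    if (scan_fails) {
        if (fixed) list_del(&d->list);
        d->live = 0;                   /* models freeing 'data' */
        return -1;
    }
    return 0;
}

/* Counts nodes still linked after being freed; in the kernel, visiting one
 * of these during list traversal is the use-after-free. */
static int stale_entries(struct list_head *bmcs) {
    int n = 0;
    for (struct list_head *p = bmcs->next; p != bmcs; p = p->next)
        n += !((struct bmc_data *)((char *)p - offsetof(struct bmc_data, list)))->live;
    return n;
}

/* One failed registration on a fresh list, then a traversal. */
static int stale_after_failure(int fixed) {
    struct list_head bmcs = { &bmcs, &bmcs };
    register_bmc(&bmcs, 1, fixed);
    return stale_entries(&bmcs);
}

int main(void) {
    printf("buggy: %d stale, fixed: %d stale\n", stale_after_failure(0), stale_after_failure(1));
    return 0;
}
```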

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with the ibmpex driver enabled, which is typically found on IBM hardware platforms or systems using IBM BMC sensors. Exploitation could lead to kernel memory corruption, causing system instability or crashes, which can disrupt critical services. In a worst-case scenario, attackers might leverage this vulnerability to escalate privileges to kernel level, gaining full control over the affected system. This is particularly concerning for data centers, cloud providers, and enterprises relying on IBM hardware or Linux-based infrastructure for critical operations. The impact extends to confidentiality, integrity, and availability of systems, as kernel-level compromise can bypass most security controls. Given the lack of known exploits, the immediate threat may be low, but the vulnerability's nature means it could be targeted once exploit code becomes available. European organizations with sensitive data or critical infrastructure should prioritize remediation to avoid potential exploitation.

Mitigation Recommendations

Organizations should promptly identify Linux systems running affected kernel versions with the ibmpex driver enabled. Applying the official Linux kernel patches that fix the UAF condition is the most effective mitigation. If immediate patching is not feasible, consider disabling the ibmpex driver if it is not required for system operation, to eliminate the attack surface. Additionally, implement kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR), Kernel Page Table Isolation (KPTI), and enable security modules like SELinux or AppArmor to reduce exploitation likelihood. Regularly monitor system logs for unusual kernel errors or crashes that might indicate exploitation attempts. For environments using IBM hardware, coordinate with hardware vendors for firmware updates or advisories related to BMC sensor management. Finally, maintain robust incident response plans to quickly address any signs of compromise related to kernel vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-22T01:27:53.651Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982fc4522896dcbe697e

Added to database: 5/21/2025, 9:09:03 AM

Last enriched: 7/1/2025, 1:28:27 AM

Last updated: 8/12/2025, 5:55:55 PM
