CVE-2022-49645: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:23:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/panfrost: Fix shrinker list corruption by madvise IOCTL

Calling madvise IOCTL twice on BO causes memory shrinker list corruption and crashes kernel because BO is already on the list and it's added to the list again, while BO should be removed from the list before it's re-added. Fix it.

AI-Powered Analysis

Last updated: 06/29/2025, 23:41:49 UTC

Technical Analysis

CVE-2022-49645 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the Panfrost driver which handles GPU operations for ARM Mali GPUs. The flaw arises from improper handling of the madvise IOCTL (Input/Output Control) system call on buffer objects (BO). When the madvise IOCTL is called twice on the same BO, it causes corruption of the kernel's memory shrinker list. This occurs because the BO is already present on the shrinker list and is added again without being removed first, violating the expected list management protocol. The consequence is a kernel crash due to list corruption, leading to a denial of service (DoS) condition. This vulnerability is a memory management bug that affects the stability of the kernel and can be triggered by unprivileged users with access to the madvise IOCTL interface on affected systems. The issue has been fixed by ensuring that the BO is properly removed from the shrinker list before being re-added, preventing list corruption and subsequent kernel crashes. No known exploits are currently reported in the wild, and the vulnerability does not have an assigned CVSS score. The affected versions appear to be specific kernel commits identified by hash, indicating the flaw was present in certain Linux kernel versions prior to the patch date of February 26, 2025.
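A userspace C model of the list corruption described above, added here as an illustration; it is not the kernel patch or Panfrost driver code. The list helpers mirror the kernel's `struct list_head` primitives, while `struct bo`, `mark_purgeable` and `run_scenario` are hypothetical names chosen for this example.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model of the kernel's circular doubly linked list (struct list_head). */
struct list_head { struct list_head *next, *prev; };
struct bo { struct list_head node; };   /* hypothetical stand-in for a buffer object */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    struct list_head *prev = head->prev;
    head->prev = n; n->next = head; n->prev = prev; prev->next = n;
}

static void list_del_init(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}

/* Entry count if every next/prev pair agrees, -1 on corruption (bounded walk). */
static int list_count_checked(const struct list_head *head, int max)
{
    const struct list_head *p = head;
    for (int n = 0; n <= max; n++) {
        if (p->next->prev != p) return -1;   /* link invariant broken */
        if ((p = p->next) == head) return n;
    }
    return -1;                               /* walk never returned to the head */
}

/* Put a BO on the shrinker list: the buggy path adds blindly, the fixed path unlinks first. */
static void mark_purgeable(struct bo *bo, struct list_head *shrinker, bool fixed)
{
    if (fixed) list_del_init(&bo->node);     /* harmless on a self-linked node */
    list_add_tail(&bo->node, shrinker);
}

/* Two BOs, with the madvise-style call issued twice on the first one. */
int run_scenario(bool fixed)
{
    struct list_head shrinker; struct bo a, b;
    list_init(&shrinker); list_init(&a.node); list_init(&b.node);
    mark_purgeable(&a, &shrinker, fixed);
    mark_purgeable(&b, &shrinker, fixed);
    mark_purgeable(&a, &shrinker, fixed);    /* second call on the same BO */
    return list_count_checked(&shrinker, 8);
}

int main(void) { printf("buggy: %d, fixed: %d\n", run_scenario(false), run_scenario(true)); return 0; }
```

In the buggy run the second add leaves the first node's `prev` pointing at the other BO rather than the list head, which is the kind of broken link that a list-walking shrinker trips over.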

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the vulnerable Panfrost driver enabled, which is common in ARM-based devices such as embedded systems, IoT devices, and some mobile or edge computing platforms. The impact is mainly a denial of service through kernel crashes, which can disrupt critical services, cause system downtime, and potentially lead to data loss if systems are not properly hardened or monitored. While the vulnerability does not directly allow privilege escalation or remote code execution, the resulting instability could be leveraged as part of a larger attack chain or cause operational disruptions in environments relying on ARM-based Linux systems. Organizations in sectors such as telecommunications, manufacturing, automotive, and critical infrastructure that use ARM Linux devices could be affected. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability and security.

Mitigation Recommendations

To mitigate CVE-2022-49645, organizations should:

1) Apply the official Linux kernel patches that fix the madvise IOCTL handling in the Panfrost driver as soon as they become available from trusted sources or distributions.
2) Identify and inventory all ARM-based Linux systems using the Panfrost driver to assess exposure.
3) Limit access to the madvise IOCTL interface by enforcing strict user permissions and employing mandatory access controls (e.g., SELinux, AppArmor) to restrict unprivileged users from invoking potentially harmful IOCTL calls.
4) Monitor system logs and kernel crash reports for signs of exploitation attempts or instability related to the madvise IOCTL.
5) For embedded or IoT devices, coordinate with vendors to ensure firmware updates include the fix.
6) Implement robust system recovery and backup procedures to minimize downtime in case of crashes.
7) Consider network segmentation for vulnerable devices to reduce attack surface and impact scope.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.432Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe471d

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/29/2025, 11:41:49 PM

Last updated: 7/26/2025, 5:30:02 AM
