Linux Kernel Resource Leak Fix

MEDIUM (5.5) Patch Available

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.02% chance of exploitation (percentile: 3%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found

What is it?

The Linux kernel is a critical component of the operating system, responsible for managing hardware resources and providing services to applications. The vulnerability described in CVE-2022-50420 is a resource leak in the hpre_remove() function, which can lead to unauthorized access to sensitive data.

Am I affected?

You're affected if you use Linux kernel versions prior to 5.18. This is niche software, so if you don't recognize the name, you're probably not affected. Check with your Linux distribution's documentation or contact their support team for more information.
Version info: Not specified in the advisory.

Affected Products

Linux Foundation / Linux Kernel

How to fix

To fix this vulnerability, you can apply the patches from the following URLs:
- https://git.kernel.org/stable/c/2b3e3ecdb402ff1053ee25b598ff21b9ddf4384f
- https://git.kernel.org/stable/c/45e6319bd5f2154d8b8c9f1eaa4ac030ba0d330c
- https://git.kernel.org/stable/c/4e0de941d252d4e7c985981e78480c8d6f020b64
- https://git.kernel.org/stable/c/cb873c93a7ad27681920bf062ef052fca1e8d5b1

Immediate mitigations:
- Update to Linux kernel version 5.18 or later.
- Verify that the hpre_remove() function is not called with the disable operation set to qm sriov.