CVE-2022-49029 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails

Smatch reports the following warning:

drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list

If ibmpex_find_sensors() fails in ibmpex_register_bmc(), data will be freed, but data->list will not be removed from driver_data.bmc_data, then list traversal may cause UAF.

Fix by removing it from driver_data.bmc_data before free().


Analysis

by VulDB Data Team • 01/19/2026

The vulnerability CVE-2022-49029 represents a use-after-free condition in the Linux kernel's hardware monitoring subsystem, specifically within the ibmpex driver module. This issue affects the IBM Power eXtended (ibmpex) hardware monitoring driver which is responsible for managing hardware sensors and monitoring systems in IBM Power systems. The vulnerability stems from improper handling of memory management during the registration process of BMC (Baseboard Management Controller) sensors, creating a potential security risk that could be exploited by malicious actors with local access to the system.

The technical flaw manifests in the ibmpex_register_bmc() function where the driver fails to properly remove a data structure from a linked list before freeing the associated memory. When ibmpex_find_sensors() encounters an error during sensor detection, the function attempts to clean up resources by freeing the data structure, but neglects to remove the data->list entry from the driver_data.bmc_data list. This creates a dangling pointer situation where references to freed memory may still exist in the list structure, potentially leading to memory corruption when the system attempts to traverse or access these freed resources.

The operational impact of this vulnerability extends beyond simple memory corruption, as it could enable privilege escalation attacks or system instability. According to CWE-416, this vulnerability maps to Use-After-Free conditions where memory is accessed after it has been freed, a common class of vulnerabilities that can lead to arbitrary code execution. The ATT&CK framework categorizes this under privilege escalation techniques, as local attackers could potentially exploit the memory corruption to gain elevated privileges within the system. The vulnerability specifically affects systems running Linux kernels with the ibmpex driver enabled, particularly IBM Power systems that rely on hardware monitoring capabilities.

Mitigation strategies for CVE-2022-49029 involve applying the kernel patch that ensures proper list management before memory deallocation. The fix implemented by the Linux kernel team requires removing the data->list entry from the driver_data.bmc_data list before freeing the memory structure, preventing the dangling pointer scenario. System administrators should prioritize updating their kernel versions to include this fix, particularly in enterprise environments where IBM Power systems are deployed. Additionally, monitoring for unusual system behavior or kernel panic messages that might indicate memory corruption should be implemented as part of routine security operations. Organizations should also consider implementing kernel lockdown mechanisms and access controls to limit potential exploitation opportunities, though the primary defense remains the kernel patch that addresses the root cause of the use-after-free condition.
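
The error path and its fix as a user-space model, added here as an illustration and not taken from the kernel source or the patch. The names model_register_bmc, count_dangling and dangling_after_failure, the pool and the live flag are hypothetical; only the unlink-before-free ordering comes from the description above.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del(struct list_head *n) { n->prev->next = n->next; n->next->prev = n->prev; }

/* 'live' tracks allocation so a "freed" slot can be inspected safely. */
struct bmc_data { struct list_head list; bool live; };
static struct bmc_data pool[4];        /* constructed allocator stand-in */
static int used;                       /* next unused pool slot */
static struct list_head bmc_list = { &bmc_list, &bmc_list };

/* sensors_ok == false models ibmpex_find_sensors() failing after the
 * object is already linked into the driver-wide list. */
static int model_register_bmc(bool sensors_ok, bool patched) {
    if (used >= 4) return -1;
    struct bmc_data *data = &pool[used++];
    data->live = true;
    list_add(&data->list, &bmc_list);
    if (sensors_ok) return 0;
    if (patched) list_del(&data->list);    /* the fix: unlink before free */
    data->live = false;                    /* stands in for kfree(data) */
    return -1;
}

/* Audit: count list entries whose backing object has been freed. */
static int count_dangling(void) {
    int n = 0;
    for (struct list_head *p = bmc_list.next; p != &bmc_list; p = p->next)
        if (!((struct bmc_data *)p)->live) n++;  /* list is first member */
    return n;
}

/* Fresh list, one good BMC, then one failed registration. */
static int dangling_after_failure(bool patched) {
    used = 0;
    bmc_list.next = bmc_list.prev = &bmc_list;
    model_register_bmc(true, patched);
    model_register_bmc(false, patched);
    return count_dangling();
}

int main(void) {
    printf("unpatched: %d, patched: %d\n", dangling_after_failure(false), dangling_after_failure(true));
}
```

In the unpatched path the failed object stays reachable from the list head, so any later walk of the list touches memory the allocator already considers free.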

Responsible: Linux

Reservation: 08/22/2024

Disclosure: 10/21/2024

Moderation: accepted

CPE: ready

EPSS: 0.00245

KEV: no

Activities: very low
