SB2024071774 - Improper locking in Linux kernel vmw_vsock
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071774
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-48786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
- https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
- https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
- https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
- https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
- https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
- https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
- https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.303
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.181