Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-48891 |
CWE-ID | CWE-667 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96359
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the da9211_i2c_probe() function in drivers/regulator/da9211-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91
http://git.kernel.org/stable/c/f75cde714e0a67f73ef169aa50d4ed77d04f7236
http://git.kernel.org/stable/c/d443308edbfb6e9e757b478af908515110d1efd5
http://git.kernel.org/stable/c/d4aa749e046435f054e94ebf50cad143d6229fae
http://git.kernel.org/stable/c/470f6a9175f13a53810734658c35cc5bba33be01
http://git.kernel.org/stable/c/ad1336274f733a7cb1f87b5c5908165a2c14df53
http://git.kernel.org/stable/c/02228f6aa6a64d588bc31e3267d05ff184d772eb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.