Input validation error in Linux kernel f2fs



Published: 2024-08-21
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-48877
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU96369

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48877

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_lookup_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692
http://git.kernel.org/stable/c/ff85a1dbd90d29f73033177ff8d8de4a27d9721c
http://git.kernel.org/stable/c/557e85ff9afef6d45020b6f09357111d38033c31
http://git.kernel.org/stable/c/72009139a661ade5cb1da4239734ed02fa1cfff0
http://git.kernel.org/stable/c/2c129e868992621a739bdd57a5bffa3985ef1b91
http://git.kernel.org/stable/c/1c38cdc747f00daf7394535eae5afc4c503c59bb
http://git.kernel.org/stable/c/df9d44b645b83fffccfb4e28c1f93376585fdec8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###