NULL pointer dereference in Linux kernel net driver



Published: 2024-08-22
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-48914
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU96421

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48914

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xennet_close(), xennet_poll_controller() and xennet_destroy_queues() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/198cdc287769c717dafff5887c6125cb7a373bf3
http://git.kernel.org/stable/c/b40c912624775a21da32d1105e158db5f6d0554a
http://git.kernel.org/stable/c/a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8
http://git.kernel.org/stable/c/a63eb1e4a2e1a191a90217871e67fba42fd39255
http://git.kernel.org/stable/c/47e2f166ed9fe17f24561d6315be2228f6a90209
http://git.kernel.org/stable/c/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###