Input validation error in Linux kernel mac80211



Published: 2024-10-22
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49022
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU99200

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-49022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3
External links

http://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234
http://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019
http://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d
http://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###