Improper locking in Linux kernel trace
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49322 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU104696
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49322
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_event_buffer_lock_reserve() and output_printk() functions in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd
https://git.kernel.org/stable/c/1788e6dbb61286215442b1af99e51405a6206762
https://git.kernel.org/stable/c/40f9fde06b25884baa0c4bd138b909a9b67218b4
https://git.kernel.org/stable/c/43bfc4dccc416c964b53cbdc430e814f8b6f770b
https://git.kernel.org/stable/c/48c6ee7d6c614f09b2c8553a95eefef6ecf196e0
https://git.kernel.org/stable/c/9abf3db8bdb63ab545034148ef2118f4d088ca59
https://git.kernel.org/stable/c/9b534640a2c6a8d88168febc82ec6d161184f2ec
https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
