Resource management error in Linux kernel irqchip driver

Published: 2025-02-26

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-49074
CWE-ID	CWE-399
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU104879

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49074

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gic_dist_base() and gic_do_wait_for_rwp() functions in drivers/irqchip/irq-gic-v3.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9
https://git.kernel.org/stable/c/3c07cc242baf83f0bddbbd9d7945d0bee56d8b57
https://git.kernel.org/stable/c/60e1eb4811f53f5f60c788297d978515e7a2637a
https://git.kernel.org/stable/c/6fef3e3179e6ed8fecdd004ede541674ffa7749d
https://git.kernel.org/stable/c/7218a789abb3e033f5f3a85636ca50d9ae7b0fc9
https://git.kernel.org/stable/c/c7daf1b4ad809692d5c26f33c02ed8a031066548
https://git.kernel.org/stable/c/ff24114bb08d8b90edf2aff0a4fd0689523e6c17

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.