#VU104507 Out-of-bounds read in Linux kernel - CVE-2022-49425

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104507

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49425

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the f2fs_drop_inmem_page() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2aaf51dd39afb6d01d13f1e6fe20b684733b37d5
https://git.kernel.org/stable/c/385edd3ce5b4b1e9d31f474a5e35a39779ec1110
https://git.kernel.org/stable/c/45b2b7d7108ae1e25a5036cab04ab9273e792332
https://git.kernel.org/stable/c/51d584704d18e60fa473823654f35611c777b291
https://git.kernel.org/stable/c/5e47a7add3dda7f236548c5ec3017776dc2a729f
https://git.kernel.org/stable/c/b26e1c777890e4b938136deb8ec07a29f33862e4
https://git.kernel.org/stable/c/ed7efc472c00986dcd6903ab6ed165c7fa167674

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS SP4 update for kernel

Out-of-bounds read in Linux kernel f2fs