#VU104510 Out-of-bounds read in Linux kernel - CVE-2022-49478


Vulnerability identifier: #VU104510

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49478

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the pvr2_hdw_create() function in drivers/media/usb/pvrusb2/pvrusb2-hdw.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1310fc3538dcc375a2f46ef0a438512c2ca32827
https://git.kernel.org/stable/c/24e807541e4a9263ed928e6ae3498de3ad43bd1e
https://git.kernel.org/stable/c/2e004fe914b243db41fa96f9e583385f360ea58e
https://git.kernel.org/stable/c/3309c2c574e13b21b44729f5bdbf21f60189b79a
https://git.kernel.org/stable/c/4351bfe36aba9fa7dc9d68d498d25d41a0f45e67
https://git.kernel.org/stable/c/471bec68457aaf981add77b4f590d65dd7da1059
https://git.kernel.org/stable/c/a3304766d9384886e6d3092c776273526947a2e9
https://git.kernel.org/stable/c/a3660e06675bccec4bf149c7229ea1d491ba10d7
https://git.kernel.org/stable/c/f99a8b1ec0eddc2931aeaa4f490277a15b39f511


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

