#VU104532 Out-of-bounds read in Linux kernel - CVE-2022-49073


Vulnerability identifier: #VU104532

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49073

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SATA_DWC_QCMD_MAX() function in drivers/ata/sata_dwc_460ex.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/234c0132f76f0676d175757f61b0025191a3d935
https://git.kernel.org/stable/c/3a8751c0d4e24129e72dcec0139e99833b13904a
https://git.kernel.org/stable/c/55e1465ba79562a191708a40eeae3f8082a209e3
https://git.kernel.org/stable/c/596c7efd69aae94f4b0e91172b075eb197958b99
https://git.kernel.org/stable/c/7aa8104a554713b685db729e66511b93d989dd6a
https://git.kernel.org/stable/c/8a05a6952ecd59aaa62cbdcdaf523ae2c8f436e8
https://git.kernel.org/stable/c/fc629224aa62f23849cae83717932985ac51232d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
Out-of-bounds read in Linux kernel ata driver