#VU104547 NULL pointer dereference in Linux kernel - CVE-2022-49264


Vulnerability identifier: #VU104547

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49264

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bprm_stack_limits(), do_execveat_common() and kernel_execve() functions in fs/exec.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1290eb4412aa0f0e9f3434b406dc8e255da85f9e
https://git.kernel.org/stable/c/1fe82bfd9e4ce93399d815ca458b58505191c3e8
https://git.kernel.org/stable/c/27a6f495b63a1804cc71be45911065db7757a98c
https://git.kernel.org/stable/c/41f6ea5b9aaa28b740d47ffe995a5013211fdbb0
https://git.kernel.org/stable/c/98e0c7c702894987732776736c99b85ade6fba45
https://git.kernel.org/stable/c/a8054d3fa5deb84b215d6be1b910a978f3cb840d
https://git.kernel.org/stable/c/b50fb8dbc8b81aaa126387de428f4c42a7c72a73
https://git.kernel.org/stable/c/cfbfff8ce5e3d674947581f1eb9af0a1b1807950
https://git.kernel.org/stable/c/dcd46d897adb70d63e025f175a00a89797d31a43


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

