#VU104555 NULL pointer dereference in Linux kernel - CVE-2022-49302


Vulnerability identifier: #VU104555

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49302

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the isp116x_remove() function in drivers/usb/host/isp116x-hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e
https://git.kernel.org/stable/c/3592cfd8b848bf0c4d7740d78a87a7b8f6e1fa9a
https://git.kernel.org/stable/c/3825db88d8c704e7992b685618a03f82bffcf2ef
https://git.kernel.org/stable/c/7bffda1560a6f255fdf504e059fbbdb5d46b9e44
https://git.kernel.org/stable/c/804de302ada3544699c5f48c5314b249af76faa3
https://git.kernel.org/stable/c/82a101f14943f479fd190b1e5b40d91c77e2ac1b
https://git.kernel.org/stable/c/aca0cab0e9ed33b6371aafb519a6c38f2850ffc3
https://git.kernel.org/stable/c/c91a74b1f0f2d2d7e728742ae55e3ffe9ba7853d
https://git.kernel.org/stable/c/ee105039d3653444de4d3ede642383c92855dc1e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

