#VU104564 NULL pointer dereference in Linux kernel - CVE-2022-49375


Vulnerability identifier: #VU104564

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49375

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_rtc_probe() function in drivers/rtc/rtc-mt6397.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3867f0bbb94773d41e789257abec0d14f37da217
https://git.kernel.org/stable/c/58a729c55ce3a432eb827fdaa24c7909cd3b0a6b
https://git.kernel.org/stable/c/6ecd4d5c28408df36a1a6f0b1973f633c949ac1f
https://git.kernel.org/stable/c/79fa3f5758d8712df0678df98161f948fc4370e5
https://git.kernel.org/stable/c/82bfea344e8f7e9a0e0b1bf9af27552baa756620
https://git.kernel.org/stable/c/865051de2d9eaa50630e055b73921ceaf3c4a7fc
https://git.kernel.org/stable/c/d3b43eb505bffb8e4cdf6800c15660c001553fe6
https://git.kernel.org/stable/c/d77f28c1bc9d3043a52069fe42e4a26fbf961ebd
https://git.kernel.org/stable/c/da38e86d6cf6dd3bc65c602d998f357145aa1a0b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
NULL pointer dereference in Linux kernel rtc driver