Vulnerability identifier: #VU104571
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49429
CWE-ID: CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the hfi1_write_iter() function in drivers/infiniband/hw/hfi1/file_ops.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f
https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f
https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d
https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6
https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762
https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f
https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d
https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.