#VU104588 NULL pointer dereference in Linux kernel - CVE-2022-49491


Vulnerability identifier: #VU104588

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49491

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vop_bind() function in drivers/gpu/drm/rockchip/rockchip_drm_vop.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3451852312303d54a003c73bd0ae39cebb960bd5
https://git.kernel.org/stable/c/452922955df215a417c80d09dab72bbc667a1861
https://git.kernel.org/stable/c/6ff986e057bf28e2f7690dad410768b2270f9453
https://git.kernel.org/stable/c/769c53bb6116d0eaec0f1fe4ec4b27a74465cad1
https://git.kernel.org/stable/c/a9b4599665e437de8a1152799c34841b799a2e1c
https://git.kernel.org/stable/c/b54926bd558d97c888c3d2d87886f3c159d3254a
https://git.kernel.org/stable/c/ecfa52654d0c9c333c1fe1611f47105f6bce9591
https://git.kernel.org/stable/c/f8c242908ad15bbd604d3bcb54961b7d454c43f8
https://git.kernel.org/stable/c/fcd6a886443730c39170b8383411e52118aec0a3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
NULL pointer dereference in Linux kernel drm rockchip driver