#VU104597 NULL pointer dereference in Linux kernel - CVE-2022-49527


Vulnerability identifier: #VU104597

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49527

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hfi_core_deinit() function in drivers/media/platform/qcom/venus/hfi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0ac84ab50712879eac3c1dd2598440652a85d3d0
https://git.kernel.org/stable/c/0ed5a643b1a4a46b9b7bfba5d468c10cc30e1359
https://git.kernel.org/stable/c/2533acb652359c9e097dfa33587896af782e8a91
https://git.kernel.org/stable/c/27ad46da44177a78a4a0cae6fe03906888c61aa1
https://git.kernel.org/stable/c/86594f6af867b5165d2ba7b5a71fae3a5961e56c
https://git.kernel.org/stable/c/9c385b961d4c378228e80f6abea8509cb67feab6
https://git.kernel.org/stable/c/a21d15dde21d7e8ae047eb8368677407db45d840
https://git.kernel.org/stable/c/b73ed0510bb8d9647cd8e8a4c4c8772bbe545c3a


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

