#VU104620 NULL pointer dereference in Linux kernel - CVE-2022-49055
Vulnerability identifier: #VU104620
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0a692c625e373fef692ffbc7fc41f8a025f01cb7
https://git.kernel.org/stable/c/1d7a5aae884ca727d41c7ed15d4c82fdb67c040c
https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e
https://git.kernel.org/stable/c/40bf32dbfef866c83a3e74800b81d79e52b6d20b
https://git.kernel.org/stable/c/94869bb0de69a812f70231b0eb480bb2f7ae73a6
https://git.kernel.org/stable/c/c7a268b33882d5feaafd29c1734456f41ba41396
https://git.kernel.org/stable/c/ebbb7bb9e80305820dc2328a371c1b35679f2667
https://git.kernel.org/stable/c/f2658d5966bcee8c3eb487875f459756d4f7cdfc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
