#VU104658 Improper locking in Linux kernel - CVE-2022-49441


Vulnerability identifier: #VU104658

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49441

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tty_buffer_alloc() function in drivers/tty/tty_buffer.c, which a local user can use to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/04ee31678c128a6cc7bb057ea189a8624ba5a314
https://git.kernel.org/stable/c/0bcf44903ef4df742dcada86ccaedd25374ffb50
https://git.kernel.org/stable/c/18ca0d55e8639b911df8aae1b47598b13f9acded
https://git.kernel.org/stable/c/3219ac364ac3d8d30771612a6010f1e0b7fa0a28
https://git.kernel.org/stable/c/4af21b12a60ed2d3642284f4f85b42d7dc6ac246
https://git.kernel.org/stable/c/4c253caf9264d2aa47ee806a87986dd8eb91a5d9
https://git.kernel.org/stable/c/6b9dbedbe3499fef862c4dff5217cf91f34e43b3
https://git.kernel.org/stable/c/9834b13e8b962caa28fbcf1f422dd82413da4ede
https://git.kernel.org/stable/c/b3c974501d0c32258ae0e04e5cc3fb92383b40f6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

