#VU104658 Improper locking in Linux kernel - CVE-2022-49441
Vulnerability identifier: #VU104658
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tty_buffer_alloc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/04ee31678c128a6cc7bb057ea189a8624ba5a314
https://git.kernel.org/stable/c/0bcf44903ef4df742dcada86ccaedd25374ffb50
https://git.kernel.org/stable/c/18ca0d55e8639b911df8aae1b47598b13f9acded
https://git.kernel.org/stable/c/3219ac364ac3d8d30771612a6010f1e0b7fa0a28
https://git.kernel.org/stable/c/4af21b12a60ed2d3642284f4f85b42d7dc6ac246
https://git.kernel.org/stable/c/4c253caf9264d2aa47ee806a87986dd8eb91a5d9
https://git.kernel.org/stable/c/6b9dbedbe3499fef862c4dff5217cf91f34e43b3
https://git.kernel.org/stable/c/9834b13e8b962caa28fbcf1f422dd82413da4ede
https://git.kernel.org/stable/c/b3c974501d0c32258ae0e04e5cc3fb92383b40f6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
