#VU104664 Improper locking in Linux kernel - CVE-2022-49402

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104664

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49402

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ftrace_func_mapper_add_ip() and register_ftrace_direct() functions in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/7d54c15cb89a29a5f59e5ffc9ee62e6591769ef1
https://git.kernel.org/stable/c/805e87af946d8d2954171361e64d143ff37a441b
https://git.kernel.org/stable/c/82c888e51c2176a06f8b4541cf748ee81aac6e7e
https://git.kernel.org/stable/c/a0392833a178cf109a57c2a9d4d531bdfc6cd98f
https://git.kernel.org/stable/c/cae2978d6907ef2c08b9b15f704e783f7c284713

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel trace