#VU104672 Improper locking in Linux kernel - CVE-2022-49519

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104672

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49519

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ath10k_stop() function in drivers/net/wireless/ath/ath10k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/5321e5211b5dc873e2e3d0deb749e69ecf4dbfe5
https://git.kernel.org/stable/c/7eb14cb604f49e58b7cf6faa87961a865a3c8649
https://git.kernel.org/stable/c/8aa3750986ffcf73e0692db3b40dd3a8e8c0c575
https://git.kernel.org/stable/c/b72a4aff947ba807177bdabb43debaf2c66bee05
https://git.kernel.org/stable/c/c2272428090d0d215a3f017cbbbad731c07eee53

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel ath ath10k driver