#VU104684 Improper locking in Linux kernel - CVE-2022-49247


Vulnerability identifier: #VU104684

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49247

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stk1160_uninit_isoc(), stk1160_stop_streaming() and stk1160_clear_queue() functions in drivers/media/usb/stk1160/stk1160-v4l.c, and within the stk1160_disconnect() function in drivers/media/usb/stk1160/stk1160-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/03054f22d5abd80ad89547512c2bfbfb2714d3ed
https://git.kernel.org/stable/c/2874122ca4ca74adec72d6d6bf8828228ec20f15
https://git.kernel.org/stable/c/3cc050df73e3d973f1870a8dc0e177e77670bc7f
https://git.kernel.org/stable/c/4d68603cc4382174bc1e7d532e10675c48c6b257
https://git.kernel.org/stable/c/a09e9882800fdfc5aab93f77c3f0132071d2191b
https://git.kernel.org/stable/c/f04a520a422222fc921bf035dc67414c500a286a
https://git.kernel.org/stable/c/f66e6fd1488d26229f11d86616de1b658c70fa8a
https://git.kernel.org/stable/c/fbe04b49a54e31f4321d632270207f0e6304cd16


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

