#VU104685 Improper locking in Linux kernel - CVE-2022-49265

Cybersecurity Help s.r.o.

Published: 2025-02-26 | Updated: 2025-05-11

Vulnerability identifier: #VU104685

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49265

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the genpd_remove() function in drivers/base/power/domain.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.17, 5.17 rc1, 5.17 rc2, 5.17 rc3, 5.17 rc4, 5.17 rc5, 5.17 rc6, 5.17 rc7, 5.17 rc8, 5.17 rc9, 5.17 rc12, 5.17.1

External links
https://git.kernel.org/stable/c/2039163c30f886cf5638afd6993705ae9bb34a06
https://git.kernel.org/stable/c/d1b6840d8fb9b35193d45d8fe6b4d830bfd20c3c
https://git.kernel.org/stable/c/f6bfe8b5b2c2a5ac8bd2fc7bca3706e6c3fc26d8
https://git.kernel.org/stable/c/fee777ea77769cc5392a34805d9d73099a223fae
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel base power driver