#VU104690 Improper locking in Linux kernel - CVE-2022-49304


Vulnerability identifier: #VU104690

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49304

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sa1100_set_termios() function in drivers/tty/serial/sa1100.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0976808d0d171ec837d4bd3e9f4ad4a00ab703b8
https://git.kernel.org/stable/c/09a5958a2452ad22d0cb638711ef34ea1863a829
https://git.kernel.org/stable/c/2cbfc38df580bff5b2fe19f21c1a7520efcc4b3b
https://git.kernel.org/stable/c/34d91e555e5582cffdbcbb75517bc9217866823e
https://git.kernel.org/stable/c/553213432ef0c295becdc08c0207d2094468f673
https://git.kernel.org/stable/c/62b2caef400c1738b6d22f636c628d9f85cd4c4c
https://git.kernel.org/stable/c/6e2273eefab54a521d9c59efb6e1114e742bdf41
https://git.kernel.org/stable/c/85e20f8bd31a46d8c60103d0274a8ebe8f47f2b2
https://git.kernel.org/stable/c/920f0ae7a129ffee98a106e3bbdfd61a2a59e939


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

