#VU104691 Improper locking in Linux kernel - CVE-2022-49305

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104691

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49305

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_beacons_stop() function in drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/042915c1bfedd684c1d98a841794ee203200571a
https://git.kernel.org/stable/c/1fbe033c52480f7954c057510040fa6286c4ea25
https://git.kernel.org/stable/c/66f769762f65d957f688f3258755c6ec410bf710
https://git.kernel.org/stable/c/806c7b53414934ba2a39449b31fd1a038e500273
https://git.kernel.org/stable/c/b34cb54923a6e5ddefbaf358c85c922c6ab456e2
https://git.kernel.org/stable/c/b465bb2ebf666116c1ac745cb80c65154dc0d27e
https://git.kernel.org/stable/c/ffc9cab7243f8151be37966301307bfd3cda2db3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel rtl8192u ieee80211 driver