#VU104693 Improper locking in Linux kernel - CVE-2022-49313


Vulnerability identifier: #VU104693

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49313

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the oxu_bus_suspend() function in drivers/usb/host/oxu210hp-hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2dcec0bc142be2096af71a5703d63237127db204
https://git.kernel.org/stable/c/4187b291a76664a3c03d3f0d9bfadc8322881868
https://git.kernel.org/stable/c/4d378f2ae58138d4c55684e1d274e7dd94aa6524
https://git.kernel.org/stable/c/9b58d255f27b0ed6a2e43208960864d67579db58
https://git.kernel.org/stable/c/a3d380188bde8900c3f604e82b56572896499124
https://git.kernel.org/stable/c/b97aae8b43b718314012e8170b7e03dbfd2e7677
https://git.kernel.org/stable/c/d888753872190abd18f68a7d77b9c7c367f0a7ab
https://git.kernel.org/stable/c/f8242044c91cafbba9e320b0fb31abf2429a3221
https://git.kernel.org/stable/c/ffe9440d698274c6462d2e304562c6ddfc8c84df


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

