#VU104696 Improper locking in Linux kernel - CVE-2022-49322


Vulnerability identifier: #VU104696

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49322

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the trace_event_buffer_lock_reserve() and output_printk() functions in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd
https://git.kernel.org/stable/c/1788e6dbb61286215442b1af99e51405a6206762
https://git.kernel.org/stable/c/40f9fde06b25884baa0c4bd138b909a9b67218b4
https://git.kernel.org/stable/c/43bfc4dccc416c964b53cbdc430e814f8b6f770b
https://git.kernel.org/stable/c/48c6ee7d6c614f09b2c8553a95eefef6ecf196e0
https://git.kernel.org/stable/c/9abf3db8bdb63ab545034148ef2118f4d088ca59
https://git.kernel.org/stable/c/9b534640a2c6a8d88168febc82ec6d161184f2ec
https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
Improper locking in Linux kernel trace