#VU104715 Input validation error in Linux kernel - CVE-2022-49725


Vulnerability identifier: #VU104715

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49725

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_diag_test() function in drivers/net/ethernet/intel/i40e/i40e_ethtool.c. A local user can exploit this to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0a4e5a3dc5e41212870e6043895ae02455c93f63
https://git.kernel.org/stable/c/15950157e2c24865b696db1c9ccc72743ae0e967
https://git.kernel.org/stable/c/322271351b0e41565171e4cce70ea41854fac115
https://git.kernel.org/stable/c/5ba9956ca57e361fb13ea369bb753eb33177acc7
https://git.kernel.org/stable/c/814092927a215f5ca6c08249ec72a205e0b473cd
https://git.kernel.org/stable/c/fd5855e6b1358e816710afee68a1d2bc685176ca
https://git.kernel.org/stable/c/ff6e03fe84bc917bb0c907d02de668c2fe101712


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

