#VU104732 Double free in Linux kernel - CVE-2022-49350


Vulnerability identifier: #VU104732

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49350

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mdio_bus_init() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263
https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538
https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c
https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2
https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12
https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755
https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
SUSE update for the Linux Kernel
Double free in Linux kernel net phy driver