#VU104752 Improper error handling in Linux kernel - CVE-2022-49347


Vulnerability identifier: #VU104752

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49347

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_convert_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/013f12bdedb96816aaa27ee04349f4433d361f52
https://git.kernel.org/stable/c/18a759f7f99f0b65a08ff5b7e745fc405a42bde4
https://git.kernel.org/stable/c/19918ec7717d87d5ab825884a46b26b21375d7ce
https://git.kernel.org/stable/c/1b061af037646c9cdb0afd8a8d2f1e1c06285866
https://git.kernel.org/stable/c/1cde35417edc0370fb0179a4e38b78a15350a8d0
https://git.kernel.org/stable/c/73fd5b19285197078ee8a2e651d75d5b094a4de9
https://git.kernel.org/stable/c/b2b78f5bf2d453dda3903955efee059260787a42
https://git.kernel.org/stable/c/de1732b5c1693ad489c5d254f124f67cb775f37d
https://git.kernel.org/stable/c/ef09ed5d37b84d18562b30cf7253e57062d0db05


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

