#VU104759 Improper error handling in Linux kernel - CVE-2022-49118

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104759

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49118

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the cq_interrupt_v3_hw(), interrupt_preinit_v3_hw(), hisi_sas_v3_probe() and hisi_sas_v3_destroy_irqs() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/224903cc60d045576393c3b16907742f23e6c740
https://git.kernel.org/stable/c/554fb72ee34f4732c7f694f56c3c6e67790352a0
https://git.kernel.org/stable/c/8b6eab9d683bae7f88dc894b8c851f866032301c
https://git.kernel.org/stable/c/b4cc04fa8f1fc3816c8494d77abab3f72b9d2292
https://git.kernel.org/stable/c/f05a0d8de2ea49af36821a20b0b501e20ced937e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper error handling in Linux kernel scsi hisi_sas driver