#VU104760 Improper error handling in Linux kernel - CVE-2022-49112

Cybersecurity Help s.r.o.

Published: 2025-02-26 | Updated: 2025-05-11

Vulnerability identifier: #VU104760

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49112

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the drivers/net/wireless/mediatek/mt76/mt76.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.16, 5.16 rc1, 5.16 rc2, 5.16 rc3, 5.16 rc4, 5.16 rc5, 5.16 rc6, 5.16 rc8, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.16.6, 5.16.7, 5.16.8, 5.16.9, 5.16.10, 5.16.11, 5.16.12, 5.16.13, 5.16.14, 5.16.15, 5.16.16, 5.16.17, 5.16.18, 5.16.19

External links
https://git.kernel.org/stable/c/123bc712b1de0805f9d683687e17b1ec2aba0b68
https://git.kernel.org/stable/c/13946d5a68efd11dd6af2f6ef4c908f6b00158a5
https://git.kernel.org/stable/c/95e2af01669c7a3cb7a933cefa06361f9db15059
https://git.kernel.org/stable/c/c37b4cab3d97ef64b206fca4d9daabd9aff7356e
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.20

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper error handling in Linux kernel mediatek mt76 driver