Vulnerability identifier: #VU104768
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the fcp_avc_transaction() function in sound/firewire/fcp.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/39d2c4a33dc1b4402cec68a3c8f82c6588b6edce
https://git.kernel.org/stable/c/60e5d391805d70458a01998de00d0c28cba40bf3
https://git.kernel.org/stable/c/7025f40690a235a118c87674cfb93072694aa66d
https://git.kernel.org/stable/c/7e6f5786621df060f8296f074efd275eaf20361a
https://git.kernel.org/stable/c/99582e4b19f367fa95bdd150b3034d7ce8113342
https://git.kernel.org/stable/c/b2b65c9013dc28836d82e25d0f0c94d794a14aba
https://git.kernel.org/stable/c/bf0cd60b7e33cf221fbe1114e4acb2c828b0af0d
https://git.kernel.org/stable/c/d07e4bbaff6fbba6f70c04b092ea7d9afcdf392e
https://git.kernel.org/stable/c/eab74c41612083bd627b60da650e19234e4f1051
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.