#VU104863 Resource management error in Linux kernel - CVE-2022-49724


Vulnerability identifier: #VU104863

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49724

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the goldfish_tty_remove() function in drivers/tty/goldfish.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512
https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef
https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136
https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836
https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
SUSE update for the Linux Kernel
Resource management error in Linux kernel tty driver