#VU104875 Resource management error in Linux kernel - CVE-2022-49162


Vulnerability identifier: #VU104875

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49162

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the smtcfb_write() function in drivers/video/fbdev/sm712fb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0ec746674296c94137f074309c26d17e644c0498
https://git.kernel.org/stable/c/1aea36a62f0a0ad67eccc945bac0bd6422ef720f
https://git.kernel.org/stable/c/3b36c05f68ba32d0dfb63abc9016d6fe9117829f
https://git.kernel.org/stable/c/4f01d09b2bbfbcb47b3eb305560a7f4857a32260
https://git.kernel.org/stable/c/809b8cde86320698661eec677222bc5c5df76176
https://git.kernel.org/stable/c/aeb635b49530b7d19e140949753409f759ba99be
https://git.kernel.org/stable/c/b1c28577529cdfad40c8242673285f1e1e4c314e
https://git.kernel.org/stable/c/eae90015d10f0c9a47fc4adccba4cd79dce664e4
https://git.kernel.org/stable/c/fb791514acf9070225eed46e1ccbb0aa7aae5da5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

