#VU104876 Resource management error in Linux kernel - CVE-2022-49160

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104876

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49160

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qla24xx_free_purex_list() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0972252450f90db56dd5415a20e2aec21a08d036
https://git.kernel.org/stable/c/213e57b42537f1a2e5395caa9d7189854133ed12
https://git.kernel.org/stable/c/67f744f73eba870ab96411d0310e831a4adc3713
https://git.kernel.org/stable/c/9b7eb92dac240ab3bc83e188d83a3df834b41eb2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Resource management error in Linux kernel scsi qla2xxx driver