#VU104879 Resource management error in Linux kernel - CVE-2022-49074

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104879

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49074

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gic_dist_base() and gic_do_wait_for_rwp() functions in drivers/irqchip/irq-gic-v3.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9
https://git.kernel.org/stable/c/3c07cc242baf83f0bddbbd9d7945d0bee56d8b57
https://git.kernel.org/stable/c/60e1eb4811f53f5f60c788297d978515e7a2637a
https://git.kernel.org/stable/c/6fef3e3179e6ed8fecdd004ede541674ffa7749d
https://git.kernel.org/stable/c/7218a789abb3e033f5f3a85636ca50d9ae7b0fc9
https://git.kernel.org/stable/c/c7daf1b4ad809692d5c26f33c02ed8a031066548
https://git.kernel.org/stable/c/ff24114bb08d8b90edf2aff0a4fd0689523e6c17

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Resource management error in Linux kernel irqchip driver