#VU104884 Buffer overflow in Linux kernel - CVE-2022-49645

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104884

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49645

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the panfrost_ioctl_madvise() function in drivers/gpu/drm/panfrost/panfrost_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/0581613df7f9a4c5fac096ce1d5fb15b7b994240
https://git.kernel.org/stable/c/1807d8867402a58b831a7fc16832747ff559a0d1
https://git.kernel.org/stable/c/393594aad55179eb761af41533d8d1d6eb4543b0
https://git.kernel.org/stable/c/9fc33eaaa979d112d10fea729edcd2a2e21aa912
https://git.kernel.org/stable/c/f036392edd9c49090781d8cca26ad6557a63bae4

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Buffer overflow in Linux kernel drm panfrost driver