#VU104913 Resource management error in Linux kernel - CVE-2022-49227

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU104913

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49227

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the igc_setup_rx_resources() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3ddb49af08094ebee250b461172ee7b8e27a35d3
https://git.kernel.org/stable/c/453307b569a0d41bddd07f26bf41b784cd82a4c9
https://git.kernel.org/stable/c/65aebcf1e05bd97d2e7ffcdff36efea1757c9450
https://git.kernel.org/stable/c/ab8c107470d12e7ef99030bf0911a10cdef62d16

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Resource management error in Linux kernel intel igc driver