#VU104928 Input validation error in Linux kernel - CVE-2022-49269

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU104928

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49269

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the isotp_bind() function in net/can/isotp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3ea566422cbde9610c2734980d1286ab681bb40e
https://git.kernel.org/stable/c/7b4652fc71dcec043977a6def80ef5034c913615
https://git.kernel.org/stable/c/cf522d741f5301223cc94b978eb1603c7590d65e
https://git.kernel.org/stable/c/d72866a7f5326160d2a9d945a33eb6ef1883e25d
https://git.kernel.org/stable/c/f343dbe82314ab457153c9afd970be4e9e553020

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Input validation error in Linux kernel can