Vulnerability identifier: #VU106198
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49751
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the w1_process() function in drivers/w1/w1.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8
External links
https://git.kernel.org/stable/c/190b5c3bbd5df685bb1063bda048831d72b8f1d4
https://git.kernel.org/stable/c/216f35db6ec6a667cd9db4838d657c1d2f4684da
https://git.kernel.org/stable/c/276052159ba94d4d9f5b453fb4707d6798c6b845
https://git.kernel.org/stable/c/36225a7c72e9e3e1ce4001b6ce72849f5c9a2d3b
https://git.kernel.org/stable/c/89c62cee5d4d65ac75d99b5f986f7f94290e888f
https://git.kernel.org/stable/c/bccd6df4c177b1ad766f16565ccc298653d027d0
https://git.kernel.org/stable/c/cfc7462ff824ed6718ed0272ee9aae88e20d469a
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.9
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.