#VU63315 Release of invalid pointer or reference in Linux kernel - CVE-2022-24958
Vulnerability identifier: #VU63315
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-763
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of illegal memory vulnerability in the drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda
http://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUVZA2YVOQJBJTDIDQ5HF5TAU2C6WP6H/
http://security.netapp.com/advisory/ntap-20220225-0008/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
