Vulnerability identifier: #VU92928
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-191
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow in the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/9924c80bd484340191e586110ca22bff23a49f2e
http://git.kernel.org/stable/c/617f9934bb37993b9813832516f318ba874bcb7d
http://git.kernel.org/stable/c/34aeb4da20f93ac80a6291a2dbe7b9c6460e9b26
http://git.kernel.org/stable/c/9892742f035f7aa7dcd2bb0750effa486db89576
http://git.kernel.org/stable/c/4d3fcfe8464838b3920bc2b939d888e0b792934e
http://git.kernel.org/stable/c/db6fd92316a254be2097556f01bccecf560e53ce
http://git.kernel.org/stable/c/e8f73f620fee5f52653ed2da360121e4446575c5
http://git.kernel.org/stable/c/5aac9108a180fc06e28d4e7fb00247ce603b72ee
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.