#VU92987 Resource management error in Linux kernel - CVE-2022-48636

Vulnerability identifier: #VU92987

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48636

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70
https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4
https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1
https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1
https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b
https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6
https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac
https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.