#VU93180 Resource management error in Linux kernel - CVE-2022-48715


Vulnerability identifier: #VU93180

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48715

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/3a345198a7c2d1db2526dc60b77052f75de019d3
https://git.kernel.org/stable/c/471085571f926a1fe6b1bed095638994dbf23990
https://git.kernel.org/stable/c/003bcee66a8f0e76157eb3af369c173151901d97
https://git.kernel.org/stable/c/53e4f71763c61a557283eb43301efd671922d1e8
https://git.kernel.org/stable/c/ec4334152dae175dbd8fd5bde1d2139bbe7b42d0
https://git.kernel.org/stable/c/2f5a1ac68bdf2899ce822ab845081922ea8c588e
https://git.kernel.org/stable/c/2d24336c7214b281b51860e54783dfc65f1248df
https://git.kernel.org/stable/c/936bd03405fc83ba039d42bc93ffd4b88418f1d3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

