#VU93378 Race condition in Linux kernel - CVE-2022-48645

Cybersecurity Help s.r.o.

Published: 2024-06-26 | Updated: 2025-05-13

Vulnerability identifier: #VU93378

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48645

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the enetc_vf_set_features() and enetc_vf_netdev_setup() functions in drivers/net/ethernet/freescale/enetc/enetc_vf.c, within the enetc_pf_set_features() function in drivers/net/ethernet/freescale/enetc/enetc_pf.c, within the enetc_close() and enetc_setup_tc_mqprio() functions in drivers/net/ethernet/freescale/enetc/enetc.c, within the fsl-enetc-$() function in drivers/net/ethernet/freescale/enetc/Makefile. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45, 5.15.46, 5.15.47, 5.15.48, 5.15.49, 5.15.50, 5.15.51, 5.15.52, 5.15.53, 5.15.54, 5.15.55, 5.15.56, 5.15.57, 5.15.58, 5.15.59, 5.15.60, 5.15.61, 5.15.62, 5.15.63, 5.15.64, 5.15.65, 5.15.66, 5.15.67, 5.15.68, 5.15.69, 5.15.70, 5.19, 5.19 rc1, 5.19 rc4, 5.19 rc5, 5.19 rc6, 5.19.1, 5.19.2, 5.19.3, 5.19.4, 5.19.5, 5.19.6, 5.19.7, 5.19.8, 5.19.9, 5.19.10, 5.19.11, 6.0 rc1, 6.0 rc2, 6.0 rc3, 6.0 rc4

External links
https://git.kernel.org/stable/c/510e703e4ed0e011db860bc21228aff48fc9eea7
https://git.kernel.org/stable/c/23022b74b1a23bed044f6bc96cf92f6ca5f3e75f
https://git.kernel.org/stable/c/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.71
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 22.03 LTS SP3 update for kernel

Race condition in Linux kernel freescale enetc driver