Vulnerability identifier: #VU94453

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48810

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip6mr_rules_init() function in net/ipv6/ip6mr.c, within the ipmr_rules_init() function in net/ipv4/ipmr.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

---

External links
http://git.kernel.org/stable/c/80c529322600dfb1f985b5e3f14c3c6f522ce154
http://git.kernel.org/stable/c/b541845dfc4e7df551955e70deec0921d6b297c3
http://git.kernel.org/stable/c/12b6703e9546902c56b4b9048b893ad49d62bdd4
http://git.kernel.org/stable/c/16dcfde98a25340ff0f7879a16bea141d824a196
http://git.kernel.org/stable/c/09ac0fcb0a82d647f2c61d3d488d367b7ee5bd51
http://git.kernel.org/stable/c/3cab045c99dbb9a94eb2d1d405f399916eec698a
http://git.kernel.org/stable/c/feb9597e22755dce782aae26ac0590c06737e049
http://git.kernel.org/stable/c/5611a00697c8ecc5aad04392bea629e9d6a20463

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.