Improper locking in Linux kernel

#VU96359 Improper locking in Linux kernel

Published: 2024-08-21

Vulnerability identifier: #VU96359

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48891

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the da9211_i2c_probe() function in drivers/regulator/da9211-regulator.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/1c1afcb8839b91c09d211ea304faa269763b1f91
http://git.kernel.org/stable/c/f75cde714e0a67f73ef169aa50d4ed77d04f7236
http://git.kernel.org/stable/c/d443308edbfb6e9e757b478af908515110d1efd5
http://git.kernel.org/stable/c/d4aa749e046435f054e94ebf50cad143d6229fae
http://git.kernel.org/stable/c/470f6a9175f13a53810734658c35cc5bba33be01
http://git.kernel.org/stable/c/ad1336274f733a7cb1f87b5c5908165a2c14df53
http://git.kernel.org/stable/c/02228f6aa6a64d588bc31e3267d05ff184d772eb

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP1 update for kernel

Improper locking in Linux kernel regulator driver