Input validation error in Linux kernel

#VU96369 Input validation error in Linux kernel

Published: 2024-08-21

Vulnerability identifier: #VU96369

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48877

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_lookup_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692
http://git.kernel.org/stable/c/ff85a1dbd90d29f73033177ff8d8de4a27d9721c
http://git.kernel.org/stable/c/557e85ff9afef6d45020b6f09357111d38033c31
http://git.kernel.org/stable/c/72009139a661ade5cb1da4239734ed02fa1cfff0
http://git.kernel.org/stable/c/2c129e868992621a739bdd57a5bffa3985ef1b91
http://git.kernel.org/stable/c/1c38cdc747f00daf7394535eae5afc4c503c59bb
http://git.kernel.org/stable/c/df9d44b645b83fffccfb4e28c1f93376585fdec8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP1 update for kernel

Input validation error in Linux kernel f2fs