#VU96421 NULL pointer dereference in Linux kernel


Published: 2024-08-22

Vulnerability identifier: #VU96421

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48914

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xennet_close(), xennet_poll_controller() and xennet_destroy_queues() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/198cdc287769c717dafff5887c6125cb7a373bf3
http://git.kernel.org/stable/c/b40c912624775a21da32d1105e158db5f6d0554a
http://git.kernel.org/stable/c/a1753d5c29a6fb9a8966dcf04cb4f3b71e303ae8
http://git.kernel.org/stable/c/a63eb1e4a2e1a191a90217871e67fba42fd39255
http://git.kernel.org/stable/c/47e2f166ed9fe17f24561d6315be2228f6a90209
http://git.kernel.org/stable/c/dcf4ff7a48e7598e6b10126cc02177abb8ae4f3f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
NULL pointer dereference in Linux kernel net driver