#VU99036 Input validation error in Linux kernel - CVE-2022-49007


Vulnerability identifier: #VU99036

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49007

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_dat_commit_free() function in fs/nilfs2/dat.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63
https://git.kernel.org/stable/c/165c7a3b27a3857ebf57f626b9f38b48b6792e68
https://git.kernel.org/stable/c/bc3fd3293887b4cf84a9109700faeb82de533c89
https://git.kernel.org/stable/c/9a130b72e6bd1fb07fc3cde839dc6fb53da76f07
https://git.kernel.org/stable/c/e858917ab785afe83c14f5ac141301216ccda847
https://git.kernel.org/stable/c/33021419fd81efd3d729a7f19341ba4b98fe66ce
https://git.kernel.org/stable/c/381b84f60e549ea98cec4666c6c728b1b3318756
https://git.kernel.org/stable/c/f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

