#VU99037 Input validation error in Linux kernel - CVE-2022-49010
Vulnerability identifier: #VU99037
Vulnerability risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99
http://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f
http://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c
http://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653
http://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b
http://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16
http://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b
http://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
