#VU99065 Improper error handling in Linux kernel - CVE-2022-48973

Vulnerability identifier: #VU99065

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48973

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ioport_unmap() and amd_gpio_exit() functions in drivers/gpio/gpio-amd8111.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/4749c5cc147c9860b96db1e71cc36d1de1bd3f59
https://git.kernel.org/stable/c/71d591ef873f9ebb86cd8d053b3caee785b2de6a
https://git.kernel.org/stable/c/b2bc053ebbba57a06fa655db5ea796de2edce445
https://git.kernel.org/stable/c/48bd5d3801f6b67cc144449d434abbd5043a6d37
https://git.kernel.org/stable/c/5ee6413d3dd972930af787b2c0c7aaeb379fa521
https://git.kernel.org/stable/c/4271515f189bd5fe2ec86b4089dab7cb804625d2
https://git.kernel.org/stable/c/e364ce04d8f840478b09eee57b614de7cf1e743e
https://git.kernel.org/stable/c/45fecdb9f658d9c82960c98240bc0770ade19aca

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.