Resource management error in Linux kernel

#VU99144 Resource management error in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-10-22

Vulnerability identifier: #VU99144

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48986

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gup_pud_range() function in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875
http://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f
http://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037
http://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5
http://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP1 update for kernel

Resource management error in Linux kernel mm