#VU99202 Input validation error in Linux kernel - CVE-2022-49031

Vulnerability identifier: #VU99202

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49031

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the afe4403_read_raw() function in drivers/iio/health/afe4403.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/98afcb5f3be645d330c74c5194ba0d80e26f95e0
https://git.kernel.org/stable/c/c9268df36818ee4eaaaeadc80009b442a5ca69c9
https://git.kernel.org/stable/c/726fa3e4ab97dcff1c745bdc4fb137366cb8d3df
https://git.kernel.org/stable/c/2d6a437064ffbe685c67ddb16dfc0946074c6c3f
https://git.kernel.org/stable/c/b1756af172fb80a3edc143772d49e166ec691b6c
https://git.kernel.org/stable/c/e7e76a77aabef8989cbc0a8417af1aa040620867
https://git.kernel.org/stable/c/06c6ce21cec77dfa860d57e7a006000a57812efb
https://git.kernel.org/stable/c/58143c1ed5882c138a3cd2251a336fc8755f23d9

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.