SB2023012560 - Denial of service in multiple Linux kernel drivers

Main Vulnerability Database SB2023012560

SB2023012560 - Denial of service in multiple Linux kernel drivers

Published: January 25, 2023 Updated: January 26, 2023

Security Bulletin ID SB2023012560

Severity

Low

Patch available

YES

Number of vulnerabilities 9

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-3105)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the uapi_finalize() function in drivers/infiniband/core/uverbs_uapi.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2022-3111)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the free_charger_irq() function in drivers/power/supply/wm8350_power.c. A local user can perform a denial of service (DoS) attack.

3) Unchecked Return Value (CVE-ID: CVE-2022-3108)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value within the kfd_parse_subtype_iolink() function in drivers/gpu/drm/amd/amdkfd/kfd_crat.c. A local user can crash the kernel.

4) NULL pointer dereference (CVE-ID: CVE-2022-3106)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ef100_update_stats() function in drivers/net/ethernet/sfc/ef100_nic.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2022-3107)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the netvsc_get_ethtool_stats() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2022-3113)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the mtk_vcodec_fw_vpu_init() function in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2022-3112)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the amvdec_set_canvases() function in drivers/staging/media/meson/vdec/vdec_helpers.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2022-3115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_crtc_reset() function in drivers/gpu/drm/arm/malidp_crtc.c. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2022-3104)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the lkdtm_ARRAY_BOUNDS() function in drivers/misc/lkdtm/bugs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References