Resource management error in Linux kernel soc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-48917 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU96442
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48917
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.17 rc12
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/69f42e41256d5a234d3ae0d35fa66dc6d8171846
https://git.kernel.org/stable/c/7e0e4bc93811cf600508ff36f07abea7b40643ed
https://git.kernel.org/stable/c/0b2ecc9163472128e7f30b517bee92dcd27ffc34
https://git.kernel.org/stable/c/f3537f1b2bfd3b1df15723df49fc26eccd5112fe
https://git.kernel.org/stable/c/6951a5888165a38bb7c39a2d18f5668b2f1241c7
https://git.kernel.org/stable/c/050b1821f27c5d4fd5a298f6e62c3d3c9335e622
https://git.kernel.org/stable/c/70712d5afbbea898d5f51fa02e315fe0a4835043
https://git.kernel.org/stable/c/9bdd10d57a8807dba0003af0325191f3cec0f11c
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.270
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.305
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.183
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
