Resource management error in Linux kernel net driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-48969 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU99131
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48969
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfront_resume() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.1 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd
https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda
https://git.kernel.org/stable/c/e6860c889f4ad50b6ab696f5ea154295d72cf27a
https://git.kernel.org/stable/c/e6e897d4fe2f89c0bd94600a40bedf5e6e75e050
https://git.kernel.org/stable/c/f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84
https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
