NULL pointer dereference in Linux kernel core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49045 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU104618
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49045
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_pcm_format_set_silence() function in sound/core/pcm_misc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 4.19.238
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2f7a26abb8241a0208c68d22815aa247c5ddacab
https://git.kernel.org/stable/c/377a80ca6590f40ec8a85227b889a5d399fe26c3
https://git.kernel.org/stable/c/63038f6e96a77a0abf8083649c53e6a72c1a0124
https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497
https://git.kernel.org/stable/c/912797e54c99a98f0722f21313e13a3938bb6dba
https://git.kernel.org/stable/c/97345c90235b1bb7661e7a428d9dcb96b1d7f5d4
https://git.kernel.org/stable/c/c3b2f23bfe5452b00eb1c842bc71098449e4ad9f
https://git.kernel.org/stable/c/eb04e3112a3516e483d60a9af9762961702a6c1b
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
