Input validation error in Linux kernel ipv6



| Updated: 2025-05-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49048
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU104920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49048

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ip6_forward() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.17 - 5.17.3

CPE2.3 External links

https://git.kernel.org/stable/c/74b68f5249f16c5f7f675d0f604fa6ae20e3a151
https://git.kernel.org/stable/c/a263712ba8c9ded25dd9d2d5ced11bcea5b33a3e
https://git.kernel.org/stable/c/ab2f5afb7af5c68389e8c7dd29e0a98fbeaaa435
https://git.kernel.org/stable/c/adee01bbf6cb5b3e4ed08be8ff866aac90f13836
https://git.kernel.org/stable/c/e3fa461d8b0e185b7da8a101fe94dfe6dd500ac0
https://git.kernel.org/stable/c/e69fb3de87a8923e5931a272a38fa3cceb01da44
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###