Out-of-bounds read in Linux kernel gfs2



| Updated: 2025-05-10
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49769
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU108253

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the gfs2_check_sb() function in fs/gfs2/ops_fstype.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.9 - 4.9.333

CPE2.3 External links

https://git.kernel.org/stable/c/15c83fa0fd659dd9fbdc940a560b61236e876a80
https://git.kernel.org/stable/c/16670534c7cff1acd918a6a5ec751b14e7436b76
https://git.kernel.org/stable/c/1ad197097343568066a8ffaa27ee7d0ae6d9f476
https://git.kernel.org/stable/c/28275a7c84d21c55ab3282d897f284d8d527173c
https://git.kernel.org/stable/c/5fa30be7ba81191b0a0c7239a89befc0c94286d5
https://git.kernel.org/stable/c/670f8ce56dd0632dc29a0322e188cc73ce3c6b92
https://git.kernel.org/stable/c/8b6534c9ae9dba5489703a19d8ba6c8f2cfa33c2
https://git.kernel.org/stable/c/d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.334


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###