Improper locking in Linux kernel netfilter ipvs



Updated: 2025-05-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49903
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU108302

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49903

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip_vs_app_net_init() function in net/netfilter/ipvs/ip_vs_app.c. A local user can trigger the flaw to cause a denial of service (DoS).

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.19 - 4.19.264
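
A host triage check built from the affected range above and the source path named in the description. It is an added example, not part of the bulletin or of the kernel project; the function names and verdict strings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: host triage against the bulletin's affected range
# (Linux kernel 4.19 - 4.19.264). Function names and verdict strings are
# illustrative and do not come from the bulletin.

# in_affected_range RELEASE
# RELEASE is a `uname -r` style string such as "4.19.260-1-amd64".
# Returns 0 if it parses to a version inside 4.19 - 4.19.264, 1 if it is
# outside that range, 2 if it cannot be parsed.
in_affected_range() {
    ver=${1%%[!0-9.]*}              # drop the distro suffix after the numbers
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split "4.19.260" into $1 $2 $3
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -eq 4 ] && [ "$minor" -eq 19 ] && [ "$patch" -le 264 ]
}

# ipvs_module_loaded [FILE]
# Returns 0 if ip_vs (the module built from net/netfilter/ipvs/, including
# ip_vs_app.c) appears in FILE, a /proc/modules format listing. An IPVS
# compiled into the kernel image is not listed there.
ipvs_module_loaded() {
    grep -q '^ip_vs ' "${1:-/proc/modules}" 2>/dev/null
}

# triage RELEASE [FILE]
# Prints one verdict. An in-range result means "confirm the patch level with
# the vendor": distribution kernels can carry backported fixes while still
# reporting an in-range version string.
triage() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        0) if ipvs_module_loaded "${2:-/proc/modules}"; then
               echo "in-range, ip_vs loaded"
           else
               echo "in-range, ip_vs not loaded"
           fi ;;
        1) echo "outside-range" ;;
        *) echo "unparsed" ;;
    esac
}

triage "$(uname -r)"                # verdict for the running kernel
```

Hosts that report "in-range, ip_vs loaded" are the ones to check first against the vendor's fixed package version.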

External links

https://git.kernel.org/stable/c/080589287127838046077904f34d5054ea0f895c
https://git.kernel.org/stable/c/0ed71af4d017d2bd2cbb8f7254f613a4914def26
https://git.kernel.org/stable/c/381453770f731f0f43616a1cd4c759b7807a1517
https://git.kernel.org/stable/c/5dbb47ee89762da433cd8458788d7640c85f1a07
https://git.kernel.org/stable/c/768b3c745fe5789f2430bdab02f35a9ad1148d97
https://git.kernel.org/stable/c/83fbf246ced54dadd7b9adc2a16efeff30ba944d
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.265


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


