Resource management error in Linux kernel core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49872 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU108372
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49872
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the skb_segment() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 4.19.266
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0a9f56e525ea871d3950b90076912f5c7494f00f
https://git.kernel.org/stable/c/50868de7dc4e7f0fcadd6029f32bf4387c102ee6
https://git.kernel.org/stable/c/5876b7f249a1ecbbcc8e35072c3828d6526d1c3a
https://git.kernel.org/stable/c/598d9e30927b15731e83797fbd700ecf399f42dd
https://git.kernel.org/stable/c/65ad047fd83502447269fda8fd26c99077a9af47
https://git.kernel.org/stable/c/9e4b7a99a03aefd37ba7bb1f022c8efab5019165
https://git.kernel.org/stable/c/ad25a115f50800c6847e0d841c5c7992a9f7c1b3
https://git.kernel.org/stable/c/bd5362e58721e4d0d1a37796593bd6e51536ce7a
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.267
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
