SB2025062067 - Improper locking in Linux kernel tty driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2022-50116)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gsm_queue(), gsmld_output(), gsm_stuff_frame(), gsm_data_alloc(), gsm_is_flow_ctrl_msg(), __gsm_data_queue(), gsm_dlci_modem_output(), gsm_control_message(), gsm_control_wait(), gsm_dlci_close(), gsm_dlci_open(), gsm1_receive(), gsm_cleanup_mux(), gsm_activate_mux(), gsm_alloc_mux() and gsmld_open() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0af021678d5d30c31f5a6b631f404ead3575212a
• https://git.kernel.org/stable/c/7962a4b900099cf90e02859bb297f2c618d8d940
• https://git.kernel.org/stable/c/c165698c9919b000bdbe73859d3bb7b33bdb9223
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18