#VU104571 NULL pointer dereference in Linux kernel - CVE-2022-49429
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104571
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49429
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfi1_write_iter() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0e4dda8b3f4c07ee9ea670a10ea3171a5e63a86f
- https://git.kernel.org/stable/c/22e7e400fd1a890db2ea13686324aff50e972f4f
- https://git.kernel.org/stable/c/29952ab85d6c3fe0b7909d9a737f10c58bf6824d
- https://git.kernel.org/stable/c/32e6aea33944f364d51cd263e4cd236393a188b6
- https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762
- https://git.kernel.org/stable/c/629e052d0c98e46dde9f0824f0aa437f678d9b8f
- https://git.kernel.org/stable/c/cc80d3c37cec9d6ddb140483647901bc7cc6c31d
- https://git.kernel.org/stable/c/e60ad83f645ee6fadd5a8057ba267aeec54f08fe
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.198