Main Vulnerability Database Vulnerabilities #VU70465

#VU70465 Resource management error in Linux kernel - CVE-2022-3903

Published: December 21, 2022

Vulnerability identifier: #VU70465

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3903

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://lore.kernel.org/all/E1obysd-009Grw-He@www.linuxtv.org/
https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/

#VU70465 Resource management error in Linux kernel - CVE-2022-3903

Description

Remediation

External links

Please verify you're human