Main Vulnerability Database Vulnerabilities #VU70465

Resource management error in Linux kernel - CVE-2022-3903

Published: December 21, 2022

Vulnerability identifier: #VU70465

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3903

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect read request flaw in the Infrared Transceiver USB driver in Linux kernel. An attacker with physical access to the system can starve system resources and perform a denial of service (DoS) attack.

How to mitigate CVE-2022-3903

Install updates from vendor's website.

Sources

https://lore.kernel.org/all/E1obysd-009Grw-He@www.linuxtv.org/
https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/

Resource management error in Linux kernel - CVE-2022-3903

Detailed vulnerability description

How to mitigate CVE-2022-3903

Sources

Please verify you're human