#VU104669 Improper locking in Linux kernel - CVE-2022-49372


Updated: 2025-05-11

Vulnerability identifier: #VU104669

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49372

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp_rtx_synack() function in net/ipv4/tcp_output.c. The function bumped its SNMP statistics with the __TCP_INC_STATS()/__NET_INC_STATS() helpers, which are only valid when preemption is already disabled (softirq/BH context, where TCP receive processing normally runs). tcp_rtx_synack() can also be reached from process context, for example when a retransmitted SYN for a passive TCP Fast Open socket is handled from the socket backlog under release_sock(), so the per-CPU read-modify-write can be preempted and the task migrated part-way through the update. With CONFIG_DEBUG_PREEMPT enabled the kernel reports "BUG: using __this_cpu_add() in preemptible code". A local user can perform a denial of service (DoS) attack. The upstream fix ("tcp: tcp_rtx_synack() can be called from process context", see the git.kernel.org commits linked below) switches the function to the preempt-safe TCP_INC_STATS()/NET_INC_STATS() helpers.
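
The following is an added user-space model of the per-CPU counter contract described above; it is not kernel code and not the project's own patch. The helper names mirror the kernel's (__this_cpu_add(), this_cpu_add(), __TCP_INC_STATS(), TCP_INC_STATS(), __this_cpu_preempt_check()), but their bodies, the two-CPU counter array and the preempt_count bookkeeping are stand-ins assumed for illustration. It shows why the "__" helpers are only safe with preemption disabled, what the CONFIG_DEBUG_PREEMPT check catches when tcp_rtx_synack()-style accounting runs from process context, and why the fix's switch to the preempt-safe helpers is enough:

```c
/* Added example: user-space model of the per-CPU statistics helpers behind
 * CVE-2022-49372. Names mirror the kernel helpers; bodies are stand-ins
 * (assumption), and counters live in a small array instead of per-CPU data. */
#include <stdbool.h>
#include <stdio.h>

#define NR_CPUS 2
enum { TCP_MIB_RETRANSSEGS, LINUX_MIB_TCPSYNRETRANS, MIB_MAX };

static int current_cpu;                      /* CPU the task currently runs on */
static int preempt_count;                    /* > 0 means preemption is disabled */
static unsigned long mibs[NR_CPUS][MIB_MAX]; /* modelled per-CPU statistics */
static int debug_preempt_bugs;               /* splats CONFIG_DEBUG_PREEMPT would print */

static bool preemptible(void)
{
    return preempt_count == 0;
}

/* Stand-in for __this_cpu_preempt_check(): with CONFIG_DEBUG_PREEMPT the kernel
 * prints "BUG: using __this_cpu_add() in preemptible code" when a non-preempt-safe
 * per-CPU operation runs with preemption enabled. The update still happens. */
static void __this_cpu_preempt_check(const char *op)
{
    if (preemptible()) {
        debug_preempt_bugs++;
        fprintf(stderr, "BUG: using %s() in preemptible code\n", op);
    }
}

/* __this_cpu_add(): the caller promises preemption is already off (softirq/BH). */
#define __this_cpu_add(field, val)                  \
    do {                                            \
        __this_cpu_preempt_check("__this_cpu_add"); \
        mibs[current_cpu][(field)] += (val);        \
    } while (0)

/* this_cpu_add(): safe from any context; preemption stays off across the
 * read-modify-write, so the task cannot migrate between choosing its CPU slot
 * and updating it. */
#define this_cpu_add(field, val)                    \
    do {                                            \
        preempt_count++;                            \
        mibs[current_cpu][(field)] += (val);        \
        preempt_count--;                            \
    } while (0)

#define __TCP_INC_STATS(field) __this_cpu_add(field, 1)
#define TCP_INC_STATS(field)   this_cpu_add(field, 1)

/* Shape of the vulnerable tcp_rtx_synack() accounting: assumes softirq context. */
static int tcp_rtx_synack_before(void)
{
    __TCP_INC_STATS(TCP_MIB_RETRANSSEGS);
    __TCP_INC_STATS(LINUX_MIB_TCPSYNRETRANS);
    return 0;
}

/* Shape of the fixed accounting: preempt-safe helpers, valid from process context. */
static int tcp_rtx_synack_after(void)
{
    TCP_INC_STATS(TCP_MIB_RETRANSSEGS);
    TCP_INC_STATS(LINUX_MIB_TCPSYNRETRANS);
    return 0;
}

/* Call fn either with preemption disabled (softirq-like) or from process
 * context, and return how many DEBUG_PREEMPT splats the call produced. */
static int run_in_context(int (*fn)(void), bool softirq)
{
    int before = debug_preempt_bugs;

    if (softirq)
        preempt_count++;
    fn();
    if (softirq)
        preempt_count--;
    return debug_preempt_bugs - before;
}

/* Sum one counter over all modelled CPUs, as /proc/net/snmp reporting does. */
static unsigned long total_stat(int field)
{
    unsigned long sum = 0;

    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        sum += mibs[cpu][field];
    return sum;
}

int main(void)
{
    printf("before, softirq ctx: %d splat(s)\n", run_in_context(tcp_rtx_synack_before, true));
    printf("before, process ctx: %d splat(s)\n", run_in_context(tcp_rtx_synack_before, false));
    printf("after,  process ctx: %d splat(s)\n", run_in_context(tcp_rtx_synack_after, false));
    printf("RetransSegs total: %lu\n", total_stat(TCP_MIB_RETRANSSEGS));
    return 0;
}
```

The model only reproduces the debug check; on a real kernel without CONFIG_DEBUG_PREEMPT the same call from process context silently risks a torn per-CPU update (the task is migrated between selecting the CPU slot and writing it), which is what makes the preempt-safe variant the correct fix rather than a suppression of the warning.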

Mitigation
Install the update from the vendor's website. The fix is included in Linux kernel 5.18.4 (see the ChangeLog link below) and in the stable backports linked below.

Vulnerable software versions

Linux kernel: 5.18, 5.18 rc1, 5.18 rc2, 5.18 rc3, 5.18 rc5, 5.18 rc6, 5.18 rc7, 5.18 rc8, 5.18.1, 5.18.2, 5.18.3


External links
https://git.kernel.org/stable/c/0a0f7f84148445c9f02f226928803a870139d820
https://git.kernel.org/stable/c/0a375c822497ed6ad6b5da0792a12a6f1af10c0b
https://git.kernel.org/stable/c/3db889f883e65bbd3b1401279bfc1e9ed255c481
https://git.kernel.org/stable/c/58bd38cbc961fd799842b7be8c5222310f04b908
https://git.kernel.org/stable/c/88cd232146207ff1d41dededed5e77c0d4438113
https://git.kernel.org/stable/c/bdc28a8fb43cc476e33b11519235adb816ce00e8
https://git.kernel.org/stable/c/c348b0f8d035fc4bdc040796889beec7218bd1b8
https://git.kernel.org/stable/c/d05c2fdf8e10528bb6751bd95243e862d5402a9b
https://git.kernel.org/stable/c/d8e1bc6029acac796293310aacef7b7336f35b6a
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

