#VU104709 Improper locking in Linux kernel - CVE-2022-49155


| Updated: 2025-05-11

Vulnerability identifier: #VU104709

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49155

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qla2xxx_create_qpair() function in drivers/scsi/qla2xxx/qla_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.109

External links
https://git.kernel.org/stable/c/1ab81d82fb1db7ec4be4b0d04563513e6d4bcdd5
https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4
https://git.kernel.org/stable/c/8077a7162bc3cf658dd9ff112bc77716c08458c5
https://git.kernel.org/stable/c/9c33d49ab9f3d8bd7512b3070cd2f07c4a8849d5
https://git.kernel.org/stable/c/a60447e7d451df42c7bde43af53b34f10f34f469
https://git.kernel.org/stable/c/a669a22aef0ceff706b885370af74b5a60a8ac85
https://git.kernel.org/stable/c/f68776f28d9134fa65056e7e63bfc734049730b7
https://git.kernel.org/stable/c/f97316dd393bc8df1cc2af6295a97b876eecf252
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
Improper locking in Linux kernel scsi qla2xxx driver