Vulnerability identifier: #VU111479
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the raid_status() function in drivers/md/dm-raid.c. A local user can trigger the out-of-bounds read to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's repository.
Vulnerable software versions
Linux kernel: 5.18, 5.18 rc1, 5.18 rc2, 5.18 rc3, 5.18 rc5, 5.18 rc6, 5.18 rc7, 5.18 rc8, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 5.18.5, 5.18.6, 5.18.7, 5.18.8, 5.18.9, 5.18.10, 5.18.11, 5.18.12, 5.18.13, 5.18.14, 5.18.15, 5.18.16, 5.18.17
External links
https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b
https://git.kernel.org/stable/c/1fbeea217d8f297fe0e0956a1516d14ba97d0396
https://git.kernel.org/stable/c/49dba30638e091120256a9e89125340795f034dc
https://git.kernel.org/stable/c/4c233811a49578634d10a5e70a9dfa569d451e94
https://git.kernel.org/stable/c/90b006da40dd42285b24dd3c940d2c32aca9a70b
https://git.kernel.org/stable/c/b4c6c07c92b6cba2bf3cb2dfa722debeaf8a8abe
https://git.kernel.org/stable/c/b856ce5f4b55f752144baf17e9d5c415072652c5
https://git.kernel.org/stable/c/cb583ca6125ac64c98e9d65128e95ebb5be7d322
https://git.kernel.org/stable/c/d8971b595d7adac3421c21f59918241f1574061e
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.