#VU111481 Out-of-bounds read in Linux kernel - CVE-2022-50066
Vulnerability identifier: #VU111481
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aq_nic_service_timer_cb(), aq_nic_get_regs_count(), aq_nic_get_stats(), aq_nic_set_loopback() and aq_nic_stop() functions in drivers/net/ethernet/aquantia/atlantic/aq_nic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: 5.10, 5.10 rc1, 5.10 rc2, 5.10 rc3, 5.10 rc4, 5.10 rc5, 5.10 rc7, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40, 5.10.41, 5.10.42, 5.10.43, 5.10.44, 5.10.45, 5.10.46, 5.10.47, 5.10.48, 5.10.49, 5.10.50, 5.10.51, 5.10.52, 5.10.53, 5.10.54, 5.10.55, 5.10.56, 5.10.57, 5.10.58, 5.10.59, 5.10.60, 5.10.61, 5.10.62, 5.10.63, 5.10.64, 5.10.65, 5.10.66, 5.10.67, 5.10.68, 5.10.69, 5.10.70, 5.10.71, 5.10.72, 5.10.73, 5.10.74, 5.10.75, 5.10.76, 5.10.77, 5.10.78, 5.10.79, 5.10.80, 5.10.81, 5.10.82, 5.10.83, 5.10.84, 5.10.85, 5.10.86, 5.10.87, 5.10.88, 5.10.89, 5.10.90, 5.10.91, 5.10.92, 5.10.93, 5.10.94, 5.10.95, 5.10.96, 5.10.97, 5.10.98, 5.10.99, 5.10.100, 5.10.101, 5.10.102, 5.10.103, 5.10.104, 5.10.105, 5.10.106, 5.10.107, 5.10.108, 5.10.109, 5.10.110, 5.10.111, 5.10.112, 5.10.113, 5.10.114, 5.10.115, 5.10.116, 5.10.117, 5.10.118, 5.10.119, 5.10.120, 5.10.121, 5.10.122, 5.10.123, 5.10.124, 5.10.125, 5.10.126, 5.10.127, 5.10.128, 5.10.129, 5.10.130, 5.10.131, 5.10.132, 5.10.133, 5.10.134, 5.10.135, 5.10.136, 5.10.137
External links
https://git.kernel.org/stable/c/23bf155476539354ab5c8cc9bb460fd1209b39b5
https://git.kernel.org/stable/c/2ba5e47fb75fbb8fab45f5c1bc8d5c33d8834bd3
https://git.kernel.org/stable/c/422a02a771599cac96f2b2900d993e0bb7ba5b88
https://git.kernel.org/stable/c/df60c534d4c5a681172952dd4b475a5d818b3a86
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.138
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
