#VU63315 Release of invalid pointer or reference in Linux kernel


Published: 2022-05-17

Vulnerability identifier: #VU63315

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24958

CWE-ID: CWE-763

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the release of illegal memory in drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda
http://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUVZA2YVOQJBJTDIDQ5HF5TAU2C6WP6H/
http://security.netapp.com/advisory/ntap-20220225-0008/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

