#VU66812 Integer underflow in Linux kernel


| Updated: 2023-06-08

Vulnerability identifier: #VU66812

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-2639

CWE-ID: CWE-191

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the reserve_sfa_size() function in the openvswitch kernel module in Linux kernel. A local user can trigger an out-of-bounds read error and crash the system or escalate privileges.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8
http://bugzilla.redhat.com/show_bug.cgi?id=2084479


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability