#VU68340 Race condition in Linux kernel


Published: 2022-10-15

Vulnerability identifier: #VU68340

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41849

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in the drivers/video/fbdev/smscufx.c in the Linux kernel. An attacker with physical proximity to the system can remove the USB device while calling open(), cause a race condition between the ufx_ops_open and ufx_usb_disconnect and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-oem-5.17
Ubuntu update for linux
Ubuntu update for linux-aws
Ubuntu update for linux-gcp
Ubuntu update for linux-aws
Ubuntu update for linux-azure
Multiple vulnerabilities in Dell EMC VxRail Appliance
Ubuntu update for linux-azure
Ubuntu update for linux-bluefield
Ubuntu update for linux-azure-fde