#VU94455 Improper locking in Linux kernel - CVE-2022-48786
Published: July 17, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU94455
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48786
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vsock_stream_connect() function in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0bb88f3f7e8d506f3efe46d694964117e20efbfc
- https://git.kernel.org/stable/c/e3b3939fd137aab6d00d54bee0ee9244b286a608
- https://git.kernel.org/stable/c/2910bcb9f67551a45397735e47b6d456eb8cd549
- https://git.kernel.org/stable/c/5f326fe2aef411a6575628f92bd861463ea91df7
- https://git.kernel.org/stable/c/87cd1bbd6677411e17369cd4b7389ab1e1fdba44
- https://git.kernel.org/stable/c/787468ee7a435777521d33399d012fd591ae2f94
- https://git.kernel.org/stable/c/addd62a8cb6fa90aa322365c62487da61f6baab8
- https://git.kernel.org/stable/c/b9208492fcaecff8f43915529ae34b3bcb03877c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.303
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.181