#VU99197 Improper locking in Linux kernel - CVE-2022-48988
Vulnerability identifier: #VU99197
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125
https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8
https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917
https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad
https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13
https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc
https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
