PT-2022-7230 · Linux+7 · Linux Kernel+7

Tomasz Moń

Published

2022-03-20

Updated

2024-09-30

CVE-2022-48619

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.10

Description The issue is related to the input set capability() function in the Linux kernel, which can lead to an uncontrolled consumption of resources. An attacker can exploit this to cause a denial of service (panic) because input set capability() mishandles the situation in which an event code falls outside of a bitmap.

Recommendations For Linux kernel versions prior to 5.17.10, update to version 5.17.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the input set capability() function to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Improper Resource Release

Resource Exhaustion

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-404CWE-400CWE-755

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

AZL-33499

BDU:2024-00389

CESA-2024_7000

CESA-2024_7001

CVE-2022-48619

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-1106

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1669-1

SUSE-SU-2024:1870-1

USN-6938-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2022-7230 · Linux+7 · Linux Kernel+7

CVE-2022-48619

Weakness Enumeration

Related Identifiers

Affected Products

References · 946