SB20241022149 - Input validation error in Linux kernel hwmon driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022149
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the coretemp_remove_core() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/fb503d077ff7b43913503eaf72995d1239028b99
- https://git.kernel.org/stable/c/070d5ea4a0592a37ad96ce7f7b6b024f90bb009f
- https://git.kernel.org/stable/c/280110db1a7d62ad635b103bafc3ae96e8bef75c
- https://git.kernel.org/stable/c/89eecabe6a47403237f45aafd7d24f93cb973653
- https://git.kernel.org/stable/c/f06e0cd01eab954bd5f2190c9faa79bb5357e05b
- https://git.kernel.org/stable/c/7692700ac818866d138a8de555130a6e70e6ac16
- https://git.kernel.org/stable/c/ae6c8b6e5d5628df1c475c0a8fca1465e205c95b
- https://git.kernel.org/stable/c/a89ff5f5cc64b9fe7a992cf56988fd36f56ca82a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.301
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.335
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.158
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.226
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1