SB20241022231 - Infinite loop in Linux kernel trace
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022231
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2022-49006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the probe_remove_event_call() function in kernel/trace/trace_events.c, within the dyn_event_release() and dyn_events_release_all() functions in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1603feac154ff38514e8354e3079a455eb4801e2
- https://git.kernel.org/stable/c/be111ebd8868d4b7c041cb3c6102e1ae27d6dc1d
- https://git.kernel.org/stable/c/417d5ea6e735e5d88ffb6c436cf2938f3f476dd1
- https://git.kernel.org/stable/c/c52d0c8c4f38f7580cff61c4dfe1034c580cedfd
- https://git.kernel.org/stable/c/4313e5a613049dfc1819a6dfb5f94cf2caff9452
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.158
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.226
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1