SB20241022251 - Resource management error in Linux kernel rtc driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022251
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2022-48953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef
- https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d
- https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6
- https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1