SB20241022307 - Input validation error in Linux kernel core seq
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022307
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-48994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/b38486e82ecb9f3046e0184205f6b61408fc40c9
- https://git.kernel.org/stable/c/e385360705a0b346bdb57ce938249175d0613b8a
- https://git.kernel.org/stable/c/2f46e95bf344abc4e74f8158901d32a869e0adb6
- https://git.kernel.org/stable/c/63badfed200219ca656968725f1a43df293ac936
- https://git.kernel.org/stable/c/15c42ab8d43acb73e2eba361ad05822c0af0ecfa
- https://git.kernel.org/stable/c/fccd454129f6a0739651f7f58307cdb631fd6e89
- https://git.kernel.org/stable/c/13ee8fb5410b740c8dd2867d3557c7662f7dda2d
- https://git.kernel.org/stable/c/05530ef7cf7c7d700f6753f058999b1b5099a026
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.302
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.336
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1