SB2025022718 - Input validation error in Linux kernel hv driver
Published: February 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025022718
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-49054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hyperv_panic_event(), hyperv_die_event() and vmbus_bus_init() functions in drivers/hv/vmbus_drv.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7
- https://git.kernel.org/stable/c/6230bc50d6d21cae4c084766623d0a6d17958721
- https://git.kernel.org/stable/c/9f8b577f7b43b2170628d6c537252785dcc2dcea
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18