Linux Kernel Denial of Service Vulnerability in Input Drivers
CVE-2022-48619

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 12 January 2024

What is CVE-2022-48619?

A vulnerability affecting the Linux kernel prior to version 5.17.10 arises from an issue in the input drivers, specifically in the input.c file. The vulnerability occurs when the input_set_capability function fails to appropriately manage scenarios where an event code exists outside of an expected bitmap range. This mishandling can lead to a denial of service condition, resulting in a system panic that disrupts normal operations. Affected systems are at risk if they utilize vulnerable kernel versions, making timely updates and patches essential for maintaining security integrity.

References

https://github.com/torvalds/linux/commit/409353cbe9fe48f6...

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5....

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Jan 12, 2024