Memory leak in Linux kernel mm
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-48731 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU92883
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48731
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmemleak_scan() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/d3533ee20e9a0e2e8f60384da7450d43d1c63d1a
http://git.kernel.org/stable/c/352715593e81b917ce1b321e794549815b850134
http://git.kernel.org/stable/c/a5389c80992f0001ee505838fe6a8b20897ce96e
http://git.kernel.org/stable/c/cebb0aceb21ad91429617a40e3a17444fabf1529
http://git.kernel.org/stable/c/c10a0f877fe007021d70f9cada240f42adc2b5db
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
