SB20240620161 - Memory leak in Linux kernel

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2022-48757)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fanout_add() and packet_create() functions in net/packet/af_packet.c, within the ptype_seq_show() function in net/core/net-procfs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
• https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
• https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
• https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
• https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
• https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
• https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
• https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
• https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.302
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.96
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.176