Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-48924 |
CWE-ID | CWE-401 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96408
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48924
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980
http://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693
http://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355
http://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599
http://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a
http://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418
http://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.