Memory leak in Linux kernel thermal int340x_thermal driver



Published: 2024-08-22
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-48924
CWE-ID: CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Memory leak

EUVDB-ID: #VU96408

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48924

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980
http://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693
http://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355
http://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599
http://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a
http://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418
http://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


