Memory leak in Linux kernel mm
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49080 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU104358
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49080
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_alloc() function in mm/mempolicy.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/198932a14aeb19a15cf19e51e151d023bc4cd648
https://git.kernel.org/stable/c/25f506273b6ae806fd46bfcb6fdaa5b9ec81a05b
https://git.kernel.org/stable/c/39a32f3c06f6d68a530bf9612afa19f50f12e93d
https://git.kernel.org/stable/c/4ad099559b00ac01c3726e5c95dc3108ef47d03e
https://git.kernel.org/stable/c/5e16dc5378abd749a836daa9ee4ab2c8d2668999
https://git.kernel.org/stable/c/6e00309ac716fa8225f0cbde2cd9c24f0e74ee21
https://git.kernel.org/stable/c/8510c2346d9e47a72b7f018a36ef0c39483e53d6
https://git.kernel.org/stable/c/f7e183b0a7136b6dc9c7b9b2a85a608a8feba894
https://git.kernel.org/stable/c/fe39ac59dbbf893b73b24e3184161d0bd06d6651
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
