Memory leak in Linux kernel pinctrl nomadik driver

1) Memory leak

EUVDB-ID: #VU104388

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49185

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nmk_pinctrl_probe() function in drivers/pinctrl/nomadik/pinctrl-nomadik.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/0067ba448f1c29ca06e5aee00d8506889ed1f9d0
https://git.kernel.org/stable/c/0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8
https://git.kernel.org/stable/c/59250d547542f1c7765a78dc97ddfe5e6b0d2ab0
https://git.kernel.org/stable/c/62580a40c9bef3d8a90629c64dda381344b35ffd
https://git.kernel.org/stable/c/669b05ff43bd7ed684379c6e2006a6dad5127b71
https://git.kernel.org/stable/c/9511c6018cd772668def8b034bc67269847e591a
https://git.kernel.org/stable/c/bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2
https://git.kernel.org/stable/c/c09ac191b1f97cfa06f394dbfd7a5db07986cefc
https://git.kernel.org/stable/c/c52703355766c347f270df222a744e0c491a02f2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.