Memory leak in Linux kernel power supply driver



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-49224
CWE-ID: CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Memory leak

EUVDB-ID: #VU104401

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49224

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ab8500_fg_sysfs_init() function in drivers/power/supply/ab8500_fg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84
https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e
https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae
https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d
https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a
https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08
https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1
https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56
https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


