Memory leak in Linux kernel ethernet altera driver

1) Memory leak

EUVDB-ID: #VU104254

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49351

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the altera_tse_mdio_create() function in drivers/net/ethernet/altera/altera_tse_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c
https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584
https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de
https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801
https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be
https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239
https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8
https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833
https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.