Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-49367 |
CWE-ID | CWE-401 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU104258
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49367
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mv88e6xxx_mdios_register() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/02ded5a173619b11728b8bf75a3fd995a2c1ff28
https://git.kernel.org/stable/c/42658e47f1abbbe592007d3ba303de466114d0bb
https://git.kernel.org/stable/c/86c3c5f8e4bd1325e24f6fba9017cade29933377
https://git.kernel.org/stable/c/8a1a1255152da4fb934290e7ababc66f24985520
https://git.kernel.org/stable/c/a101793994c0a14c70bb4e44c7fda597eeebba0a
https://git.kernel.org/stable/c/c1df9cb756e5a9ba1841648c44ee5d92306b9c65
https://git.kernel.org/stable/c/dc1cf8c6f9793546696fded437a5b4c84944c48b
https://git.kernel.org/stable/c/e0d763d0c7665c7897e4f5a0847ab0c82543345f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.