SB20250502102 - Memory leak in Linux kernel iio adc driver
Published: May 2, 2025 Updated: May 10, 2025
Security Bulletin ID
SB20250502102
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-49794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at91_adc_allocate_trigger() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b
- https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b
- https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c
- https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385
- https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37
- https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4
- https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d
- https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.334