#VU104234 Memory leak in Linux kernel - CVE-2022-49253


Vulnerability identifier: #VU104234

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49253

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the s2250_probe() and i2c_unregister_device() functions in drivers/media/usb/go7007/s2250-board.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/14cd5a8e61c654828a1f1056d56f0b0a524d2c69
https://git.kernel.org/stable/c/44973633b0064c46083833b55dd0a45e6235f8ca
https://git.kernel.org/stable/c/67e4550ecd6164bfbdff54c169e5bbf9ccfaf14d
https://git.kernel.org/stable/c/895364fa97e60749855f789bc4568883fc7a8b39
https://git.kernel.org/stable/c/948ad5e5624487079c24cb5c81c74ddd02832440
https://git.kernel.org/stable/c/a97130cd5b0c00eec169b10a16d922b9ea67324a
https://git.kernel.org/stable/c/b5470f3efa530b10296257bb578ce4b1769e9a04
https://git.kernel.org/stable/c/b7dd177225355da55f8d80d8e568928e0eec3608
https://git.kernel.org/stable/c/bbdd0e15738336e6b1208304ae98525117877bbd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

