#VU104238 Memory leak in Linux kernel - CVE-2022-49277


Vulnerability identifier: #VU104238

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49277

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the jffs2_do_mount_fs() function in fs/jffs2/build.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0978e9af4559a171ac7a74a1b3ef21804b0a0fa9
https://git.kernel.org/stable/c/2a9d8184458562e6bf2f40d0e677fc85e2dd3834
https://git.kernel.org/stable/c/4392e8aeebc5a4f8073620bccba7de1b1f6d7c88
https://git.kernel.org/stable/c/5f34310d1376ca5b2ed798258def2c2ab3cc6699
https://git.kernel.org/stable/c/607d3aab7349f18e0d9dba4100d09d16fe27caca
https://git.kernel.org/stable/c/9a0f6610c7daedd2eace430beeb08a8b7ac80699
https://git.kernel.org/stable/c/c94128470e6fe53d9bd9d16d2d3271813f9d37af
https://git.kernel.org/stable/c/d051cef784de4d54835f6b6836d98a8f6935772c
https://git.kernel.org/stable/c/dbe0d0521eaa6a3d235517319266c539bb5c5112


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

