#VU104246 Memory leak in Linux kernel - CVE-2022-49312

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104246

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49312

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the r8712_usb_dvobj_init(), r871x_dev_unload() and r871xu_dev_remove() functions in drivers/staging/rtl8712/usb_intf.c, within the r8712_free_drv_sw() function in drivers/staging/rtl8712/os_intfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/205e039fead72e87ad2838f5e649a4c4834f648b
https://git.kernel.org/stable/c/5a89a92efc342dd7c44b6056da87debc598f9c73
https://git.kernel.org/stable/c/7288ff561de650d4139fab80e9cb0da9b5b32434
https://git.kernel.org/stable/c/8eb42d6d10f8fe509117859defddf9e72b4fa4d0
https://git.kernel.org/stable/c/a2882b8baad068d21c99fb2ab5a85a2bdbd5b834

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Memory leak in Linux kernel staging rtl8712 driver