#VU104254 Memory leak in Linux kernel - CVE-2022-49351

Vulnerability identifier: #VU104254

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49351

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the altera_tse_mdio_create() function in drivers/net/ethernet/altera/altera_tse_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/11ec18b1d8d92b9df307d31950dcba0b3dd7283c
https://git.kernel.org/stable/c/1fd12298a0e0ca23478c715e672ee64c85670584
https://git.kernel.org/stable/c/4f850fe0a32c3f1e19b76996a3b1ca32637a14de
https://git.kernel.org/stable/c/5cd0e22fa11f4a21a8c09cc258f20b1474c95801
https://git.kernel.org/stable/c/803b217f1fb49a2dbb2123acdb45111b9c48b8be
https://git.kernel.org/stable/c/8174acbef87b8dd8bf3731eba2a5af1ac857e239
https://git.kernel.org/stable/c/96bf5ed057df2d157274d4e2079002f9a9404bb8
https://git.kernel.org/stable/c/a013fa884d8738ad8455aa1a843b8c9d80c6c833
https://git.kernel.org/stable/c/e31d9ba169860687dba19bdc8fccbfd34077f655

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.