#VU104258 Memory leak in Linux kernel - CVE-2022-49367


Vulnerability identifier: #VU104258

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49367

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mv88e6xxx_mdios_register() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/02ded5a173619b11728b8bf75a3fd995a2c1ff28
https://git.kernel.org/stable/c/42658e47f1abbbe592007d3ba303de466114d0bb
https://git.kernel.org/stable/c/86c3c5f8e4bd1325e24f6fba9017cade29933377
https://git.kernel.org/stable/c/8a1a1255152da4fb934290e7ababc66f24985520
https://git.kernel.org/stable/c/a101793994c0a14c70bb4e44c7fda597eeebba0a
https://git.kernel.org/stable/c/c1df9cb756e5a9ba1841648c44ee5d92306b9c65
https://git.kernel.org/stable/c/dc1cf8c6f9793546696fded437a5b4c84944c48b
https://git.kernel.org/stable/c/e0d763d0c7665c7897e4f5a0847ab0c82543345f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
