#VU104263 Memory leak in Linux kernel - CVE-2022-49381


Vulnerability identifier: #VU104263

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49381

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the jffs2_free_raw_node_refs() function in fs/jffs2/fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/28048a4cf3813b7cf5cc8cce629dfdc7951cb1c2
https://git.kernel.org/stable/c/3252d327f977b14663a10967f3b0930d6c325687
https://git.kernel.org/stable/c/4ba7bbeab8009faf3a726e565d98816593ddd5b0
https://git.kernel.org/stable/c/4da8763a3d2b684c773b72ed80fad40bc264bc40
https://git.kernel.org/stable/c/69295267c481545f636b69ff341b8db75aa136b9
https://git.kernel.org/stable/c/c14adb1cf70a984ed081c67e9d27bc3caad9537c
https://git.kernel.org/stable/c/cf9db013e167bc8fc2ecd7a13ed97a37df0c9dab
https://git.kernel.org/stable/c/d3a4fff1e7e408c32649030daa7c2c42a7e19a95
https://git.kernel.org/stable/c/ecc53e58596542791e82eff00702f8af7a313f70


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

