#VU104264 Memory leak in Linux kernel - CVE-2022-49382


Vulnerability identifier: #VU104264

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49382

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rockchip_grf_init() function in drivers/soc/rockchip/grf.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/042571fe1d171773655ad706715ecc865913d9a4
https://git.kernel.org/stable/c/28133325526b92921f3269fdf97a20d90b92b217
https://git.kernel.org/stable/c/5b3e990f85eb034faa461e691e719e8ce9e2a3c8
https://git.kernel.org/stable/c/69a30b2ed620c2206cbbd1e9c112e4fc584e02bd
https://git.kernel.org/stable/c/8f64e84924604bb969ee1fbc4b8d7d09b9214889
https://git.kernel.org/stable/c/9b59588d8be91c96bfb0371e912ceb4f16315dbf
https://git.kernel.org/stable/c/aab25b669cb9fd3698c2631be4435f4fe92d9e59
https://git.kernel.org/stable/c/d5422f323858cad3ac3581075f9a3a5e0d41c0d8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

