#VU104266 Memory leak in Linux kernel - CVE-2022-49389

Vulnerability identifier: #VU104266

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49389

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the stub_probe() and put_busid_priv() functions in drivers/usb/usbip/stub_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/11c65408bd0ba1d9cd1307caa38169292de9cdfb
https://git.kernel.org/stable/c/247d3809e45a34d9e1a3a2bb7012e31ed8b46031
https://git.kernel.org/stable/c/2f0ae93ec33c8456cdfbf7876b80403a6318ebce
https://git.kernel.org/stable/c/51422046be504515eb5a591adf0f424b62f46804
https://git.kernel.org/stable/c/6bafee2f18af5e5ac125e42960bc65496d0e56a0
https://git.kernel.org/stable/c/8afb048800919d0ab10c57983940eba956339f21
https://git.kernel.org/stable/c/9ec4cbf1cc55d126759051acfe328d489c5d6e60
https://git.kernel.org/stable/c/bcbb795a9e78180d74c6ab21518da87e803dfdce
https://git.kernel.org/stable/c/f20d2d3b3364ce6525c050a8b6b4c54c8c19674d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.