#VU104268 Memory leak in Linux kernel - CVE-2022-49396


Vulnerability identifier: #VU104268

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49396

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qcom_qmp_reset_control_put() and qcom_qmp_phy_create() functions in drivers/phy/qualcomm/phy-qcom-qmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2156dc390402043ba5982489c6625adcb0b0975c
https://git.kernel.org/stable/c/4d2900f20edfe541f75756a00deeb2ffe7c66bc1
https://git.kernel.org/stable/c/7ac21b24af859c097eb4034e93430056068f8f31
https://git.kernel.org/stable/c/8c03eb0c8982677b4e17174073a011788891304d
https://git.kernel.org/stable/c/a39d9eccb333b8c07c43ebea1c6dfda122378a0f
https://git.kernel.org/stable/c/b7b5fbcaac5355e2e695dc0c08a0fcf248250388
https://git.kernel.org/stable/c/ba173a6f8d8dffed64bb13ab23081bdddfb464f0
https://git.kernel.org/stable/c/feb05b10b3ed3ae21b851520a0d0b71685439517

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
Memory leak in Linux kernel phy qualcomm driver