#VU104277 Memory leak in Linux kernel - CVE-2022-49432


Vulnerability identifier: #VU104277

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49432

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the icp_opal_init() function in arch/powerpc/sysdev/xics/icp-opal.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1d5c8cea85fb1680eae8d645b96b92146cb4633c
https://git.kernel.org/stable/c/2357bd7499a81c70b460e2191852bbfc7b63c354
https://git.kernel.org/stable/c/537a317e5ff45d1f5a0ecaf6a0d7c8043c878cb1
https://git.kernel.org/stable/c/53f3f7f73e609b934083f896cb7ca2c2cb009b9f
https://git.kernel.org/stable/c/5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9
https://git.kernel.org/stable/c/6a61a97106279c2aa16fbbb2a171fd5dde127d23
https://git.kernel.org/stable/c/977dbc81d0f866ef63b93c127b7404f07734b3cc
https://git.kernel.org/stable/c/9a42bc2494fadb453de00ce61042e588563ddc6d
https://git.kernel.org/stable/c/df802880a7f9cd96b921b00639b00871f18a9a57


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

