#VU104280 Memory leak in Linux kernel - CVE-2022-49438


Vulnerability identifier: #VU104280

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49438

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bbc_beep_probe() function in drivers/input/misc/sparcspkr.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1124e39fea0e2fdb4202f95b716cb97cc7de7cc7
https://git.kernel.org/stable/c/2f51db16cb740ff90086189a1ef2581eab665591
https://git.kernel.org/stable/c/353bc58ac6c782d4dcde9136a91d1f90867938fe
https://git.kernel.org/stable/c/418b6a3e12f75638abc5673eb76cb32127d0ab13
https://git.kernel.org/stable/c/6e07ccc7d56130f760d23f67a70c45366c07debc
https://git.kernel.org/stable/c/73d6f42d8d86648bec2e73d34fe1648cb6d23e08
https://git.kernel.org/stable/c/bbc2b0ce6042dd3117827f10ea8cb67e0ab786da
https://git.kernel.org/stable/c/c8994b30d71d64d5dcc9bc0edbfdf367171aa96f
https://git.kernel.org/stable/c/f13064b0f2c651a3fbb0749932795c6fd21556a8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

