#VU104281 Memory leak in Linux kernel - CVE-2022-49439


Vulnerability identifier: #VU104281

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49439

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fsl_rio_setup() function in arch/powerpc/sysdev/fsl_rio.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/46fd994763cf6884b88a2da712af918f3ed54d7b
https://git.kernel.org/stable/c/51e25fbf20c9152d84a34b7afac15a41fe5c9116
https://git.kernel.org/stable/c/5607a77a365df8c0fd5ff43ac424812b95775527
https://git.kernel.org/stable/c/5b8aa2ba38c010f47c965dd9bb5a8561813ed649
https://git.kernel.org/stable/c/7b668a59ddfb32727e39b06fdf52b28e58c684e0
https://git.kernel.org/stable/c/bcb6c4c5eb4836a21411dfe8247bf9951eb6e7c3
https://git.kernel.org/stable/c/c70dd353d37158e06bf8d450d4b31a7091609924
https://git.kernel.org/stable/c/fcee96924ba1596ca80a6770b2567ca546f9a482


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

