#VU104283 Memory leak in Linux kernel - CVE-2022-49447


Vulnerability identifier: #VU104283

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49447

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hi3xxx_smp_prepare_cpus() and hip01_boot_secondary() functions in arch/arm/mach-hisi/platsmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/21a3effe446dd6dc5eed7fe897c2f9b88c9a5d6d
https://git.kernel.org/stable/c/45d211668d33c49d73f5213e8c2b58468108647c
https://git.kernel.org/stable/c/46cb7868811d025c3d29c10d18b3422db1cf20d5
https://git.kernel.org/stable/c/9bc72e47d4630d58a840a66a869c56b29554cfe4
https://git.kernel.org/stable/c/a3265a9440030068547a20dfee646666f3ca5278
https://git.kernel.org/stable/c/cafaaae4bb9ce84a2791fa29bf6907a9466c3883
https://git.kernel.org/stable/c/dd4be8ecfb41a29e7c4e551b4e866157ce4a3429
https://git.kernel.org/stable/c/e109058165137ef42841abd989f080adfefa14fa
https://git.kernel.org/stable/c/f8da78b2bae1f54746647a2bb44f8bd6025c57af


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

