#VU104293 Memory leak in Linux kernel - CVE-2022-49473

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104293

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49473

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the j721e_soc_probe_cpb() and j721e_soc_probe_ivi() functions in sound/soc/ti/j721e-evm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2a3966b950b37a6f10c5f9caee15b4cdcf5a7413
https://git.kernel.org/stable/c/510e879420b410d88c612aecc6ca15dc6fe77473
https://git.kernel.org/stable/c/554df0f70bff1ace6d2df2fcaddbc9b7bd509de2
https://git.kernel.org/stable/c/a34840c4eb3278a7c29c9c57a65ce7541c66f9f2
https://git.kernel.org/stable/c/d748ff8fbb3a5296bddd586445dc692b079cbe3d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Memory leak in Linux kernel soc ti