#VU104296 Memory leak in Linux kernel - CVE-2022-49481
Vulnerability identifier: #VU104296
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pfuze_parse_regulators_dt() function in drivers/regulator/pfuze100-regulator.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0be5d9da5743b9825a95baec85a67500b2c1d362
https://git.kernel.org/stable/c/49d785baeb91568332197be356d138e5e59c7ddb
https://git.kernel.org/stable/c/56ab0c01027492cd161c64148e1dc892c56887ad
https://git.kernel.org/stable/c/671be14fc31374b1a10a3abd93db6a8480838fc9
https://git.kernel.org/stable/c/6ca675f4abbc74bc991d154a1ecc8b384dc2aae4
https://git.kernel.org/stable/c/984cfef0675ed7398814e14af2c5323911723e1c
https://git.kernel.org/stable/c/9f564e29a51210a49df3d925117777c157a17d6d
https://git.kernel.org/stable/c/afaa7b933ef00a2d3262f4d1252087613fb5c06d
https://git.kernel.org/stable/c/b74c0dd9179d21b7260260e075d597b23970100c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
