#VU104301 Memory leak in Linux kernel - CVE-2022-49517
Vulnerability identifier: #VU104301
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49517
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt2701_wm8960_machine_probe() function in sound/soc/mediatek/mt2701/mt2701-wm8960.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.10, 5.10 rc1, 5.10 rc2, 5.10 rc3, 5.10 rc4, 5.10 rc5, 5.10 rc7, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40, 5.10.41, 5.10.42, 5.10.43, 5.10.44, 5.10.45, 5.10.46, 5.10.47, 5.10.48, 5.10.49, 5.10.50, 5.10.51, 5.10.52, 5.10.53, 5.10.54, 5.10.55, 5.10.56, 5.10.57, 5.10.58, 5.10.59, 5.10.60, 5.10.61, 5.10.62, 5.10.63, 5.10.64, 5.10.65, 5.10.66, 5.10.67, 5.10.68, 5.10.69, 5.10.70, 5.10.71, 5.10.72, 5.10.73, 5.10.74, 5.10.75, 5.10.76, 5.10.77, 5.10.78, 5.10.79, 5.10.80, 5.10.81, 5.10.82, 5.10.83, 5.10.84, 5.10.85, 5.10.86, 5.10.87, 5.10.88, 5.10.89, 5.10.90, 5.10.91, 5.10.92, 5.10.93, 5.10.94, 5.10.95, 5.10.96, 5.10.97, 5.10.98, 5.10.99, 5.10.100, 5.10.101, 5.10.102, 5.10.103, 5.10.104, 5.10.105, 5.10.106, 5.10.107, 5.10.108, 5.10.109, 5.10.110, 5.10.111, 5.10.112, 5.10.113, 5.10.114, 5.10.115, 5.10.116, 5.10.117, 5.10.118, 5.10.119, 5.10.120
External links
https://git.kernel.org/stable/c/05654431a18fe24e5e46a375d98904134628a102
https://git.kernel.org/stable/c/318afb1442eeef089fe7f8a8297d97c0302ff6f6
https://git.kernel.org/stable/c/61a85a20e8df5e0a92cfe169c92425c7bae0753b
https://git.kernel.org/stable/c/9345122f5fb9f97a206f440f38bb656e53f46912
https://git.kernel.org/stable/c/94587aa17abf8b26f543d2b29c44abc21bc36836
https://git.kernel.org/stable/c/bc2afecaabd2a2c9f17e43b4793a30e3461bfb29
https://git.kernel.org/stable/c/c71494f5f2b444adfd992a7359a0d2a791642b39
https://git.kernel.org/stable/c/f279c49f17ce10866087ea6c0c57382158974b63
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.121
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
