#VU104303 Memory leak in Linux kernel - CVE-2022-49525


Vulnerability identifier: #VU104303

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49525

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cx25821_finidev() function in drivers/media/pci/cx25821/cx25821-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/005fd553f5f10fe8618d92f94ad10f9051eac331
https://git.kernel.org/stable/c/1f0fc1dfb5fdd456657519a97fab83691b96c6a0
https://git.kernel.org/stable/c/2203436a4d24302871617373a7eb21bc17e38762
https://git.kernel.org/stable/c/222292930c8ecc3516e03ec1f9fa8448be7ff496
https://git.kernel.org/stable/c/258639bc55a586ee6df92d89786ccf1c71546d70
https://git.kernel.org/stable/c/3f94169affa33c9db4a439d88f09cb2ed3a33332
https://git.kernel.org/stable/c/4d6295b6d986476232332fffd08575b185f90d81
https://git.kernel.org/stable/c/5beb85ff7d005ddb7bf604a4f2dc76f01b84b318
https://git.kernel.org/stable/c/9d92291698e5cc35a2b8a1106a01ddd7d60ade2d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
Memory leak in Linux kernel pci cx25821 driver