#VU104315 Memory leak in Linux kernel - CVE-2022-49609


Vulnerability identifier: #VU104315

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49609

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the versatile_reboot_probe() function in drivers/power/reset/arm-versatile-reboot.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/493ceca3271316e74639c89ff8ac35883de64256
https://git.kernel.org/stable/c/49fa778ee044b00471dd9ccae5f6a121fffea1ac
https://git.kernel.org/stable/c/6689754b121bd487f99680280102b3a5cd7374af
https://git.kernel.org/stable/c/71ab83ac65e2d671552374123bf920c1d698335a
https://git.kernel.org/stable/c/78bdf732cf5d74d1c6ecda06830a91f80a4aef6f
https://git.kernel.org/stable/c/80192eff64eee9b3bc0594a47381937b94b9d65a
https://git.kernel.org/stable/c/a9ed3ad3a8d1dfbc829d86edb3236873a315db11
https://git.kernel.org/stable/c/b4d224eec96a18fa8959512cd9e5b6a50bd16a41


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
