#VU104317 Memory leak in Linux kernel - CVE-2022-49620


Vulnerability identifier: #VU104317

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49620

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tipc_sk_create() function in net/tipc/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/00aff3590fc0a73bddd3b743863c14e76fd35c0c
https://git.kernel.org/stable/c/3b2957fc09fe1ac7f07f40dd50dd5f93e3f3a7a2
https://git.kernel.org/stable/c/4919d82f7041157a421ca9bf39a78551d5ad8a1b
https://git.kernel.org/stable/c/638fa20b618b2bbcf86da71231624cc82121a036
https://git.kernel.org/stable/c/7bc9e7f70bc57d8f02ffea2a42094281effb15ef
https://git.kernel.org/stable/c/833ecd0eae76eadf81d6d747bb5bc992d1151867
https://git.kernel.org/stable/c/ef488669b2652bde5b6ee5a409a5b048a2a50db4
https://git.kernel.org/stable/c/efa78f2ae363428525fb4981bb63c555ee79f3c7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

