#VU104318 Memory leak in Linux kernel - CVE-2022-49621


Vulnerability identifier: #VU104318

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49621

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pmac_cpufreq_init_MacRISC3() function in drivers/cpufreq/pmac32-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/37c16fc2cb13a13f3c0193bfc6f2edef7d7df7d7
https://git.kernel.org/stable/c/3ea9dbf7c2f436952bca331c6f5d72f75aca224e
https://git.kernel.org/stable/c/4513018d0bd739097570d26a7760551cba3deb56
https://git.kernel.org/stable/c/4585890ab2dbf455d80e254d3d859d4c1e357920
https://git.kernel.org/stable/c/4f242486bf46d314b2e3838cc64b56f008a3c4d7
https://git.kernel.org/stable/c/57289b6601fe78c09921599b042a0b430fb420ec
https://git.kernel.org/stable/c/8dda30f81c751b01cd71f2cfaeef26ad4393b1d1
https://git.kernel.org/stable/c/ccd7567d4b6cf187fdfa55f003a9e461ee629e36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

