#VU104329 Memory leak in Linux kernel - CVE-2022-49661


Vulnerability identifier: #VU104329

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49661

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gs_can_open() and gs_can_close() functions in drivers/net/can/usb/gs_usb.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0e60230bc64355c80abe993d1719fdb318094e20
https://git.kernel.org/stable/c/2bda24ef95c0311ab93bda00db40486acf30bd0a
https://git.kernel.org/stable/c/339fa9f80d3b94177a7a459c6d115d3b56007d5a
https://git.kernel.org/stable/c/6f655b5e13fa4b27e915b6c209ac0da74fd75963
https://git.kernel.org/stable/c/c1d806bc29ff7ffe0e2a023583c8720ed96cb0b0
https://git.kernel.org/stable/c/d0b8e223998866b3e7b2895927d4e9689b0a80d8
https://git.kernel.org/stable/c/d91492638b054f4a359621ef216242be5973ed6b
https://git.kernel.org/stable/c/ffb6cc6601ec7c8fa963dcf76025df4a02f2cf5c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

