#VU104353 Memory leak in Linux kernel - CVE-2022-49729

Vulnerability identifier: #VU104353

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49729

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfcmrvl_play_deferred() function in drivers/nfc/nfcmrvl/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0eeec1a8b0cd38c47edeb042980a6aeacecf35ed
https://git.kernel.org/stable/c/1eb0afecfb9cd0f38424b82bd9aaa542310934ee
https://git.kernel.org/stable/c/3e7c7df6991ac349f2fa8540047757df666e610f
https://git.kernel.org/stable/c/3eadc560c1919b8193d17334145dad9a917960e4
https://git.kernel.org/stable/c/6616872cfe7f0474a22dd1f12699f95bcf81a54d
https://git.kernel.org/stable/c/6b4d8b44e7163a77fe942f5b80e1651c1b78c537
https://git.kernel.org/stable/c/8a4d480702b71184fabcf379b80bf7539716752e
https://git.kernel.org/stable/c/f21f908347712b8288ffe83b531b5e977042b29c

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.