#VU104359 Memory leak in Linux kernel - CVE-2022-49086

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104359

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49086

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_alloc_flow_actions() and ovs_nla_free_set_action() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1f30fb9166d4f15a1aa19449b9da871fe0ed4796
https://git.kernel.org/stable/c/3554c214b83ec9a839ed574263a34218f372990c
https://git.kernel.org/stable/c/53bce9d19b0a9d245b25cd050b81652ed974a509
https://git.kernel.org/stable/c/5ae05b5eb58773cfec307ff88aff4cfd843c4cff
https://git.kernel.org/stable/c/7438dc55c0709819b813f4778aec2c48b782990b
https://git.kernel.org/stable/c/837b96d8103938e35e7d92cd9db96af914ca4fff
https://git.kernel.org/stable/c/ef6f9ce0a79aa23b10fc5f3b3cab3814a25aac40

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Memory leak in Linux kernel openvswitch