#VU104362 Memory leak in Linux kernel - CVE-2022-49095
Vulnerability identifier: #VU104362
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zorro7xx_remove_one() function in drivers/scsi/zorro7xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/16ed828b872d12ccba8f07bcc446ae89ba662f9c
https://git.kernel.org/stable/c/1e0c01319dedf1e63ec5df37ead048e17afd92ba
https://git.kernel.org/stable/c/34a47f7ddb4fd1cbd12397aa6f7dad1de08b4050
https://git.kernel.org/stable/c/a845c678e094894f38cc9526d212b21933ce44c7
https://git.kernel.org/stable/c/aefd755a96051aa56b198cb7ecd168b22ba384f6
https://git.kernel.org/stable/c/c5f77b595379b5191316edd365a542f8b1526066
https://git.kernel.org/stable/c/ce430cfad6a5385d5b7f7c1dc3fa50f10abfd41b
https://git.kernel.org/stable/c/db863ab2baf058ed05c7b723612e3c40c9dd6885
https://git.kernel.org/stable/c/de6aee0978f164d3d0c771ce03e3066a26c371c5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
