#VU104365 Memory leak in Linux kernel - CVE-2022-49105

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104365

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49105

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wfx_init_common() function in drivers/staging/wfx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/60f1d3c92dc1ef1026e5b917a329a7fa947da036
https://git.kernel.org/stable/c/86efcb524ae1889ae73f2a2f0bb7fff2ec757ab0
https://git.kernel.org/stable/c/93498c6e775ae91732a8109dba1bdcd324908f84
https://git.kernel.org/stable/c/9727912e906762a63c1a667c84731d3427653f88
https://git.kernel.org/stable/c/ab0fed1fa744173433cfd1dbaf9239f200ded650

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Memory leak in Linux kernel staging wfx driver