#VU104376 Memory leak in Linux kernel - CVE-2022-49122


Vulnerability identifier: #VU104376

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49122

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lookup_ioctl() function in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/02cc46f397eb3691c56affbd5073e54f7a82ac32
https://git.kernel.org/stable/c/0320bac5801b31407200227173205d017488f140
https://git.kernel.org/stable/c/44e6cb3ab177faae840bb2c1ebda9a2539876184
https://git.kernel.org/stable/c/58880025e3362024f6d8ea01cb0c7a5df6c84ba6
https://git.kernel.org/stable/c/71c8df33fd777c7628f6fbc09b14e84806c55914
https://git.kernel.org/stable/c/76c94651005f58885facf9c973007f5ea01ab01f
https://git.kernel.org/stable/c/7ae2c5b89da3cfaf856df880af27d3bb32a74b3d
https://git.kernel.org/stable/c/cd9c88da171a62c4b0f1c70e50c75845969fbc18
https://git.kernel.org/stable/c/dd86064417de828ff2102ddc6049c829bf7585b4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

