#VU104380 Memory leak in Linux kernel - CVE-2022-49137

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104380

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49137

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amdgpu_cs_fence_to_handle_ioctl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/3edd8646cb7c11b57c90e026bda6f21076223f5b
https://git.kernel.org/stable/c/4009f104b02b223d1a11d74b36b1cc083bc37028
https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7
https://git.kernel.org/stable/c/927beb05aaa429c883cc0ec6adc48964b187e291
https://git.kernel.org/stable/c/b6d1f7d97c81ebaf2cda9c4c943ee2e484fffdcf
https://git.kernel.org/stable/c/bc2d5c0775c839e2b072884f4ee6a93ba410f107
https://git.kernel.org/stable/c/dfced44f122c500004a48ecc8db516bb6a295a1b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

Memory leak in Linux kernel amd amdgpu driver