#VU104388 Memory leak in Linux kernel - CVE-2022-49185


Vulnerability identifier: #VU104388

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49185

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nmk_pinctrl_probe() function in drivers/pinctrl/nomadik/pinctrl-nomadik.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0067ba448f1c29ca06e5aee00d8506889ed1f9d0
https://git.kernel.org/stable/c/0356d4b64a03d23daf99a2a29d7d7d91d6ec2ea8
https://git.kernel.org/stable/c/59250d547542f1c7765a78dc97ddfe5e6b0d2ab0
https://git.kernel.org/stable/c/62580a40c9bef3d8a90629c64dda381344b35ffd
https://git.kernel.org/stable/c/669b05ff43bd7ed684379c6e2006a6dad5127b71
https://git.kernel.org/stable/c/9511c6018cd772668def8b034bc67269847e591a
https://git.kernel.org/stable/c/bc1e29a35147c1ba6ea2b06a16cb0028f7c852d2
https://git.kernel.org/stable/c/c09ac191b1f97cfa06f394dbfd7a5db07986cefc
https://git.kernel.org/stable/c/c52703355766c347f270df222a744e0c491a02f2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

