#VU104399 Memory leak in Linux kernel - CVE-2022-49216
Vulnerability identifier: #VU104399
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49216
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.17, 5.17 rc1, 5.17 rc2, 5.17 rc3, 5.17 rc4, 5.17 rc5, 5.17 rc6, 5.17 rc7, 5.17 rc8, 5.17 rc9, 5.17 rc12, 5.17.1
External links
https://git.kernel.org/stable/c/0e2f4e434e71dffd1085c3dccd676514bd71d316
https://git.kernel.org/stable/c/1e06710c43a090f14bb67714265a01cd1d7a37c5
https://git.kernel.org/stable/c/221e3638feb8bc42143833c9a704fa89b6c366bb
https://git.kernel.org/stable/c/2d6ae8b747fe55f54de4a4441d636974aa53f56a
https://git.kernel.org/stable/c/5e8fdb6392d945d33fef959eab73f8c34bc0a63b
https://git.kernel.org/stable/c/852c1f5f3119a38ee68e319bab10277fc1ab06b7
https://git.kernel.org/stable/c/a725070701883fe62266ee6d2f31d67e6cdd31df
https://git.kernel.org/stable/c/cd78b74031cbc94133965f1017deb822657fc1a6
https://git.kernel.org/stable/c/f3c99c686e098300c246e5e8a1474133e3dacb05
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
