#VU104401 Memory leak in Linux kernel - CVE-2022-49224
Vulnerability identifier: #VU104401
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ab8500_fg_sysfs_init() function in drivers/power/supply/ab8500_fg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/19aa3c98ed7b2616e105946cec804f897837ab84
https://git.kernel.org/stable/c/261041097ab3470f1120b7733cbf472712304d1e
https://git.kernel.org/stable/c/31cdf7897dba1f096b74f69d840f0575b8cdb9ae
https://git.kernel.org/stable/c/41ed61364285ff38bbbe9ca8a45c8372ba72921d
https://git.kernel.org/stable/c/6a4760463dbc6b603690938c468839985189ce0a
https://git.kernel.org/stable/c/879356a6a05559582b0a7895d86d2d4359745c08
https://git.kernel.org/stable/c/c32f6b6196b6efc1c68990dfeaac36fb8eb3b8e1
https://git.kernel.org/stable/c/db3a61ef8e6aef3b888baa6a85926c2230c2cc56
https://git.kernel.org/stable/c/ffb8e92b4cef92bd25563cf3d8b4489eb22bc61f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
