#VU92892 Memory leak in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92892

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48722

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/a1c277b0ed2a13e7de923b5f03bc23586eceb851
http://git.kernel.org/stable/c/d6a44feb2f28d71a7e725f72d09c97c81561cd9a
http://git.kernel.org/stable/c/6f38d3a6ec11c2733b1c641a46a2a2ecec57be08
http://git.kernel.org/stable/c/78b3f20c17cbcb7645bfa63f2ca0e11b53c09d56
http://git.kernel.org/stable/c/94cd597e20ed4acedb8f15f029d92998b011cb1a
http://git.kernel.org/stable/c/21feb6df3967541931242c427fe0958276af81cc
http://git.kernel.org/stable/c/621b24b09eb61c63f262da0c9c5f0e93348897e5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability