#VU94397 Memory leak in Linux kernel - CVE-2022-48853

Vulnerability identifier: #VU94397

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48853

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Documentation/DMA-attributes.txt, include/linux/dma-mapping.h, lib/swiotlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/c132f2ba716b5ee6b35f82226a6e5417d013d753
https://git.kernel.org/stable/c/971e5dadffd02beba1063e7dd9c3a82de17cf534
https://git.kernel.org/stable/c/8d9ac1b6665c73f23e963775f85d99679fd8e192
https://git.kernel.org/stable/c/6bfc5377a210dbda2a237f16d94d1bd4f1335026
https://git.kernel.org/stable/c/d4d975e7921079f877f828099bb8260af335508f
https://git.kernel.org/stable/c/7403f4118ab94be837ab9d770507537a8057bc63
https://git.kernel.org/stable/c/270475d6d2410ec66e971bf181afe1958dad565e
https://git.kernel.org/stable/c/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.