#VU94405 Memory leak in Linux kernel - CVE-2022-48809


Vulnerability identifier: #VU94405

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48809

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4
https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540
https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a
https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88
https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1
https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314
https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108
https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Memory leak in Linux kernel net