Vulnerability identifier: #VU96400

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48928

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the men_z188_probe() function in drivers/iio/adc/men_z188_adc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

---

External links
http://git.kernel.org/stable/c/0f88722313645a903f4d420ba61ddc690ec2481d
http://git.kernel.org/stable/c/c5723b422f564af15f2e3bc0592fd6376a0a6c45
http://git.kernel.org/stable/c/53d43a9c8dd224e66559fe86af1e473802c7130e
http://git.kernel.org/stable/c/ce1076b33e299dc8d270e4450a420a18bfb3e190
http://git.kernel.org/stable/c/1aa12ecfdcbafebc218910ec47acf6262e600cf5
http://git.kernel.org/stable/c/fe73477802981bd0d0d70f2b22f109bcca801bdb
http://git.kernel.org/stable/c/d6ed5426a7fad36cf928c244483ba24e72359638
http://git.kernel.org/stable/c/e0a2e37f303828d030a83f33ffe14b36cb88d563

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.