Memory leak in Linux kernel

#VU96408 Memory leak in Linux kernel

Published: 2024-08-22

Vulnerability identifier: #VU96408

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48924

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980
http://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693
http://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355
http://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599
http://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a
http://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418
http://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

Memory leak in Linux kernel thermal int340x_thermal driver