Memory leak in Linux kernel yam



Published: 2022-04-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-24959
CWE-ID: CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Memory leak

EUVDB-ID: #VU62482

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-24959

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the yam_siocdevprivate() function in drivers/net/hamradio/yam.c. A local user can perform a denial of service attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.16.5


CPE2.3
External links

http://github.com/torvalds/linux/commit/29eb31542787e1019208a2e1047bb7c76c069536
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5

Q & A

Can this vulnerability be exploited remotely?

Is there known malware that exploits this vulnerability?


