Memory leak in Linux kernel net
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-48809 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU94405
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48809
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the include/net/dst_metadata.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.17 rc12
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4
https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540
https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a
https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88
https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1
https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314
https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108
https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.267
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.302
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.180
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
