Memory leak in Linux kernel pci cx25821 driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49525 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU104303
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49525
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cx25821_finidev() function in drivers/media/pci/cx25821/cx25821-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.17 - 5.17.13
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.17:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc8:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc9:*:*:*:*:*:*
https://git.kernel.org/stable/c/005fd553f5f10fe8618d92f94ad10f9051eac331
https://git.kernel.org/stable/c/1f0fc1dfb5fdd456657519a97fab83691b96c6a0
https://git.kernel.org/stable/c/2203436a4d24302871617373a7eb21bc17e38762
https://git.kernel.org/stable/c/222292930c8ecc3516e03ec1f9fa8448be7ff496
https://git.kernel.org/stable/c/258639bc55a586ee6df92d89786ccf1c71546d70
https://git.kernel.org/stable/c/3f94169affa33c9db4a439d88f09cb2ed3a33332
https://git.kernel.org/stable/c/4d6295b6d986476232332fffd08575b185f90d81
https://git.kernel.org/stable/c/5beb85ff7d005ddb7bf604a4f2dc76f01b84b318
https://git.kernel.org/stable/c/9d92291698e5cc35a2b8a1106a01ddd7d60ade2d
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
