Memory leak in Linux kernel nfc nfcmrvl driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49729 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU104353
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49729
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfcmrvl_play_deferred() function in drivers/nfc/nfcmrvl/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14 - 4.14.284
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0eeec1a8b0cd38c47edeb042980a6aeacecf35ed
https://git.kernel.org/stable/c/1eb0afecfb9cd0f38424b82bd9aaa542310934ee
https://git.kernel.org/stable/c/3e7c7df6991ac349f2fa8540047757df666e610f
https://git.kernel.org/stable/c/3eadc560c1919b8193d17334145dad9a917960e4
https://git.kernel.org/stable/c/6616872cfe7f0474a22dd1f12699f95bcf81a54d
https://git.kernel.org/stable/c/6b4d8b44e7163a77fe942f5b80e1651c1b78c537
https://git.kernel.org/stable/c/8a4d480702b71184fabcf379b80bf7539716752e
https://git.kernel.org/stable/c/f21f908347712b8288ffe83b531b5e977042b29c
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.285
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
