Memory leak in Linux kernel phy qualcomm driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49397 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU104269
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49397
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qcom_qmp_phy_create() function in drivers/phy/qualcomm/phy-qcom-qmp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.17 - 5.17.13
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.17:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc8:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.17:rc9:*:*:*:*:*:*
https://git.kernel.org/stable/c/1668ad103679306ba2ef37f758d704e58a3ef1a0
https://git.kernel.org/stable/c/621a4bcfb7aa031e7760d7b156bad7a45df58387
https://git.kernel.org/stable/c/6f3673c8d8eff0c4ab5a5ee0d3ca9717d85419b4
https://git.kernel.org/stable/c/ad9b0fad02f9b3a06ad5ac7df11f244e316a6254
https://git.kernel.org/stable/c/b246695636a861a09f0e2cde92bb2dd8f114f024
https://git.kernel.org/stable/c/b999d48b0869b8599de532ff6081575a7ab5358a
https://git.kernel.org/stable/c/f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df
https://git.kernel.org/stable/c/f8d23895a41243c6a8dbf392e531fff9497bb023
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
