Memory leak in Linux kernel btrfs tests
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49912 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU108155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49912
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the test_no_shared_qgroup() and test_multiple_refs() functions in fs/btrfs/tests/qgroup-tests.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.15 - 5.15.77
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.15:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.15.1:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0a0dead4ad1a2e2a9bdf133ef45111d7c8daef84
https://git.kernel.org/stable/c/203204798831c35d855ecc6417d98267d2d2184b
https://git.kernel.org/stable/c/3f58283d83a588ff5da62fc150de19e798ed2ec2
https://git.kernel.org/stable/c/5d1a47ebf84540e40b5b43fc21aef0d6c0f627d9
https://git.kernel.org/stable/c/d37de92b38932d40e4a251e876cc388f9aee5f42
https://git.kernel.org/stable/c/d81370396025cf63a7a1b5f8bb25a3479203b2ca
https://git.kernel.org/stable/c/da7003434bcab0ae9aba3f2c003e734cae093326
https://git.kernel.org/stable/c/f46ea5fa3320dca4fe0c0926b49a5f14cb85de62
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
