Memory leak in Linux kernel isdn mISDN driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-49915 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU108158
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49915
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 6.1 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/029d5b7688a2f3a86f2a3be5a6ba9cc968c80e41
https://git.kernel.org/stable/c/080aabfb29b2ee9cbb8894a1d039651943d3773e
https://git.kernel.org/stable/c/0d4e91efcaee081e919b3c50e875ecbb84290e41
https://git.kernel.org/stable/c/2ff6b669523d3b3d253a044fa9636a67d0694995
https://git.kernel.org/stable/c/a636fc5a7cabd05699b5692ad838c2c7a3abec7b
https://git.kernel.org/stable/c/d1d1aede313eb2b9a84afd60ff6cfb7c33631e0e
https://git.kernel.org/stable/c/e77d213843e67b4373285712699b692f9c743f61
https://git.kernel.org/stable/c/e7d1d4d9ac0dfa40be4c2c8abd0731659869b297
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.299
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.265
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.333
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.154
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.78
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
