Memory leak in Linux kernel video fbdev driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-50109 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU111317
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-50109
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the clcdfb_of_init_display() function in drivers/video/fbdev/amba-clcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: 5.10 - 5.10.136
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2688df86c02da6bdc9866b62d974e169a2678883
https://git.kernel.org/stable/c/26c2b7d9fac42eb8317f3ceefa4c1a9a9170ca69
https://git.kernel.org/stable/c/29f06f1905c312671a09ee85ca92ac04a1d9f305
https://git.kernel.org/stable/c/49a4c1a87ef884e43cdda58b142a2a30f2f09efc
https://git.kernel.org/stable/c/a51519ebd0fdad3546463018b8f6bc3b0f4d3032
https://git.kernel.org/stable/c/a88ab277cca99aeb9a3b2b7db358f1a6dd528b0c
https://git.kernel.org/stable/c/a97ff8a949dbf41be89f436b2b1a2b3d794493df
https://git.kernel.org/stable/c/da276dc288bf838ea0fd778b5441ec0f601c69f7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
