#VU104241 Memory leak in Linux kernel - CVE-2022-49290
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104241
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49290
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_mesh_setup() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d
- https://git.kernel.org/stable/c/273ebddc5fda2967492cb0b6cdd7d81cfb821b76
- https://git.kernel.org/stable/c/3bbd0000d012f92aec423b224784fbf0f7bf40f8
- https://git.kernel.org/stable/c/46bb87d40683337757a2f902fcd4244b32bb4e86
- https://git.kernel.org/stable/c/4a2d4496e15ea5bb5c8e83b94ca8ca7fb045e7d3
- https://git.kernel.org/stable/c/582d8c60c0c053684f7138875e8150d5749ffc17
- https://git.kernel.org/stable/c/5d3ff9542a40ce034416bca03864709540a36016
- https://git.kernel.org/stable/c/615716af8644813355e014314a0bc1e961250f5a
- https://git.kernel.org/stable/c/c1d9c3628ef0a0ca197595d0f9e01cd3b5dda186
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.274