#VU104277 Memory leak in Linux kernel - CVE-2022-49432
Published: February 26, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU104277
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49432
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the icp_opal_init() function in arch/powerpc/sysdev/xics/icp-opal.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/1d5c8cea85fb1680eae8d645b96b92146cb4633c
- https://git.kernel.org/stable/c/2357bd7499a81c70b460e2191852bbfc7b63c354
- https://git.kernel.org/stable/c/537a317e5ff45d1f5a0ecaf6a0d7c8043c878cb1
- https://git.kernel.org/stable/c/53f3f7f73e609b934083f896cb7ca2c2cb009b9f
- https://git.kernel.org/stable/c/5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9
- https://git.kernel.org/stable/c/6a61a97106279c2aa16fbbb2a171fd5dde127d23
- https://git.kernel.org/stable/c/977dbc81d0f866ef63b93c127b7404f07734b3cc
- https://git.kernel.org/stable/c/9a42bc2494fadb453de00ce61042e588563ddc6d
- https://git.kernel.org/stable/c/df802880a7f9cd96b921b00639b00871f18a9a57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46