Memory leak in Linux kernel - CVE-2022-49794
Published: May 2, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU108201
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49794
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at91_adc_allocate_trigger() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2022-49794
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/1bf8c0aff8fb5c4edf3ba6728e6bedbd610d7f4b
- https://git.kernel.org/stable/c/2b29a7f2d52fb5281b30cf61c947d88bab18a29b
- https://git.kernel.org/stable/c/65f20301607d07ee279b0804d11a05a62a6c1a1c
- https://git.kernel.org/stable/c/7b75515728b628a9a7540f201efdeb8ca7299385
- https://git.kernel.org/stable/c/85d2a8b287a89853c0dcfc5a97b5e9d36376fe37
- https://git.kernel.org/stable/c/a0d98ae5a62a7bbad8fcf9fa22e0a1274197bbc4
- https://git.kernel.org/stable/c/c27a3b6ba23350708cf5ab9962337447b51eb76d
- https://git.kernel.org/stable/c/c3ce73f60599a483dca7becd4112508833a40ef9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.334