#VU104304 Memory leak in Linux kernel - CVE-2022-49530
Vulnerability identifier: #VU104304
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the si_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.17, 5.17 rc1, 5.17 rc2, 5.17 rc3, 5.17 rc4, 5.17 rc5, 5.17 rc6, 5.17 rc7, 5.17 rc8, 5.17 rc9, 5.17 rc12, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.17.7, 5.17.8, 5.17.9, 5.17.10, 5.17.11, 5.17.12, 5.17.13
External links
https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7
https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3
https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342
https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4
https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5
https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300
https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9
https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd
https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
