#VU111279 Memory leak in Linux kernel - CVE-2022-50160


| Updated: 2025-06-21

Vulnerability identifier: #VU111279

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50160

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ap_flash_init() function in drivers/mtd/maps/physmap-versatile.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45, 5.15.46, 5.15.47, 5.15.48, 5.15.49, 5.15.50, 5.15.51, 5.15.52, 5.15.53, 5.15.54, 5.15.55, 5.15.56, 5.15.57, 5.15.58, 5.15.59, 5.15.60


External links
https://git.kernel.org/stable/c/77087a04c8fd554134bddcb8a9ff87b21f357926
https://git.kernel.org/stable/c/80b1465b2ae81ebb59bbe62bcb7a7f7d4e9ece6f
https://git.kernel.org/stable/c/941ef6997f9db704fe4fd62fc01e420fdd5048b2
https://git.kernel.org/stable/c/995fb2874bb5696357846a91e59181c600e6aac8
https://git.kernel.org/stable/c/a74322d4b897ddc268b340c4a397f6066c2f945d
https://git.kernel.org/stable/c/babd7b0124650ab71a6487e38588b8659b3aa2dc
https://git.kernel.org/stable/c/d10855876a6f47add6ff621cef25cc0171dac162
https://git.kernel.org/stable/c/d5730780e9ea84e5476752a47c749036c6a74af5
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability