#VU111363 Memory leak in Linux kernel - CVE-2022-50191
Vulnerability identifier: #VU111363
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the of_get_regulation_constraints() function in drivers/regulator/of_regulator.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: 5.19, 5.19 rc1, 5.19 rc4, 5.19 rc5, 5.19 rc6, 5.19.1
External links
https://git.kernel.org/stable/c/11ecb4f8735b0230d54a82c18b21ea778b695d61
https://git.kernel.org/stable/c/332e555dca074c4eb2084898021c3676423814c3
https://git.kernel.org/stable/c/35f9e861d9b9434903a8ede37a3561f78985826d
https://git.kernel.org/stable/c/66efb665cd5ad69b27dca8571bf89fc6b9c628a4
https://git.kernel.org/stable/c/a23098cc32860272dc6c3200ff20c34c65b7b694
https://git.kernel.org/stable/c/b9ca8585c766616563cf3c062c6878f61f83cf00
https://git.kernel.org/stable/c/c9df8ff290097aabd5c9200f7f729b0813d37b19
https://git.kernel.org/stable/c/fc7b19f547bc9e622060a0a9a39da2330aa21c53
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
