#VU94403 Memory leak in Linux kernel - CVE-2022-48822

Vulnerability identifier: #VU94403

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48822

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2
https://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e
https://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc
https://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8
https://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c
https://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c
https://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.