5.5

CVE-2022-48924

EPSS 0.02%
Veröffentlicht 22.08.2024 02:15:08
Zuletzt bearbeitet 27.08.2024 16:07:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

thermal: int340x: fix memory leak in int3400_notify()

It is easy to hit the below memory leaks in my TigerLake platform:

unreferenced object 0xffff927c8b91dbc0 (size 32):
  comm "kworker/0:2", pid 112, jiffies 4294893323 (age 83.604s)
  hex dump (first 32 bytes):
    4e 41 4d 45 3d 49 4e 54 33 34 30 30 20 54 68 65  NAME=INT3400 The
    72 6d 61 6c 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  rmal.kkkkkkkkkk.
  backtrace:
    [<ffffffff9c502c3e>] __kmalloc_track_caller+0x2fe/0x4a0
    [<ffffffff9c7b7c15>] kvasprintf+0x65/0xd0
    [<ffffffff9c7b7d6e>] kasprintf+0x4e/0x70
    [<ffffffffc04cb662>] int3400_notify+0x82/0x120 [int3400_thermal]
    [<ffffffff9c8b7358>] acpi_ev_notify_dispatch+0x54/0x71
    [<ffffffff9c88f1a7>] acpi_os_execute_deferred+0x17/0x30
    [<ffffffff9c2c2c0a>] process_one_work+0x21a/0x3f0
    [<ffffffff9c2c2e2a>] worker_thread+0x4a/0x3b0
    [<ffffffff9c2cb4dd>] kthread+0xfd/0x130
    [<ffffffff9c201c1f>] ret_from_fork+0x1f/0x30

Fix it by calling kfree() accordingly.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.14 < 4.14.274

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.237

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.188

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.103

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.26

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355

Patch

https://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418

Patch

https://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8

Patch

https://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a

Patch

https://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693

Patch

https://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599

Patch

https://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48924

EUVD