PT-2022-6860 · Linux+9 · Linux Kernel+9

Hyunwoo Kim

·

Published

2022-11-15

·

Updated

2024-06-15

·

CVE-2022-45887

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.0.9
Description An issue in the Linux kernel is related to a memory leak in the drivers/media/usb/ttusb-dec/ttusb dec.c component due to the lack of a dvb frontend detach call. This can potentially allow an attacker to perform a denial-of-service attack.
Recommendations For Linux kernel versions through 6.0.9, consider updating to a version that includes a fix for the memory leak issue in the drivers/media/usb/ttusb-dec/ttusb dec.c component. As a temporary workaround, restricting access to the vulnerable component may help minimize the risk of exploitation.

Exploit

Fix

DoS

Missing Release of Resource after Effective Lifetime

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-362

Related Identifiers

ALSA-2023:7077
ALT-PU-2022-3220
ALT-PU-2022-3303
ALT-PU-2022-3364
ALT-PU-2022-3371
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-11486
BDU:2023-05191
CESA-2023_6901
CESA-2023_7077
CVE-2022-45887
OESA-2023-1666
OESA-2023-1667
OESA-2023-1668
OESA-2023-1669
OESA-2023-1670
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2024:12994-1
OPENSUSE-SU-2024:13704-1
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0724
RHSA-2024:1404
SUSE-SU-2023:2500-1
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
SUSE-SU-2024:0112-1
USN-6412-1
USN-6466-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu