PT-2022-7620 · Linux+2 · Linux Kernel+2

Published

2022-03-03

Updated

2024-09-27

CVE-2022-48907

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17

Description The issue is related to a memory leak in the lcd2s component of the Linux kernel. This leak occurs because the struct lcd2s data is never freed once allocated. The problem can be fixed by switching to devm kzalloc(). Exploitation of this vulnerability may allow an attacker to cause a denial of service.

Recommendations To resolve the issue, update the Linux kernel to version 5.17 or later. As a temporary workaround, consider restricting access to the lcd2s component until a patch is applied. However, the most effective solution is to update the kernel to a version that includes the fix for the memory leak.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2024-07464

CVE-2022-48907

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Linux Kernel

Red Os

Suse

PT-2022-7620 · Linux+2 · Linux Kernel+2

CVE-2022-48907

Weakness Enumeration

Related Identifiers

Affected Products

References · 676