PT-2024-11824 · Linux+3 · Linux Kernel+3

Published

2022-12-08

Updated

2025-02-11

CVE-2022-48955

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the tbnet open() function. This issue occurs when tb ring alloc rx() fails, causing the ida allocated in tb xdomain alloc out hopid() to not be released. The vulnerability can potentially allow access to confidential information.

Recommendations To resolve the issue, apply the fix that adds tb xdomain release out hopid() to the error path to release ida when tb ring alloc rx() fails in tbnet open(). As a temporary workaround, consider restricting access to the tbnet open() function until a patch is available.

Exploit

Fix

Information Disclosure

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-401

Related Identifiers

BDU:2025-01690

CVE-2022-48955

OPENSUSE-SU-2024_3983-1

OPENSUSE-SU-2024_3985-1

OPENSUSE-SU-2024_4131-1

SUSE-SU-2024:3983-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:4082-1

SUSE-SU-2024:4131-1

SUSE-SU-2024:4364-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-11824 · Linux+3 · Linux Kernel+3

CVE-2022-48955

Weakness Enumeration

Related Identifiers

Affected Products

References · 987