SB2024071722 - Memory leak in Linux kernel gadget function driver
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071722
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-48822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ffs_data_put(), ffs_data_new(), ffs_epfiles_destroy() and ffs_func_eps_disable() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2
- https://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e
- https://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc
- https://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8
- https://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c
- https://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c
- https://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.267
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.230
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.180