SB2024071725 - Memory leak in Linux kernel net ieee802154 driver
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071725
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-48794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the at86rf230_async_error_recover_complete() and at86rf230_async_error_recover() functions in drivers/net/ieee802154/at86rf230.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/d2a1eaf51b7d4412319adb6acef114ba472d1692
- https://git.kernel.org/stable/c/af649e5c95f56df64363bc46f6746b87819f9c0d
- https://git.kernel.org/stable/c/6312f6a53fd3ea38125dcaca5e3c9aa7d8a60cf7
- https://git.kernel.org/stable/c/455ef08d6e5473526fa6763f75a93f7198206966
- https://git.kernel.org/stable/c/0fd484644c68897c490a3307bfcc8bf767df5a43
- https://git.kernel.org/stable/c/23b2a25382400168427ea278f3d8bf4ecfd333bf
- https://git.kernel.org/stable/c/1c72f04d52b7200bb83426a9bed378668271ea4a
- https://git.kernel.org/stable/c/e5ce576d45bf72fd0e3dc37eff897bfcc488f6a9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.231
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.303
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.181