SB20250226186 - Memory leak in Linux kernel powerpc kernel
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226186
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-49113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the format_show() function in arch/powerpc/kernel/secvar-sysfs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/02222bf4f0a27f6eba66d1f597cdb5daadd51829
- https://git.kernel.org/stable/c/2a71e3ecd829a82013cf095c55068c61d991e885
- https://git.kernel.org/stable/c/c105ffb6b9744158e37e9f81f0f38861951d1c1f
- https://git.kernel.org/stable/c/d05e4265d33af60b39606c20c731e3e719bfe3d6
- https://git.kernel.org/stable/c/d601fd24e6964967f115f036a840f4f28488f63f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.111
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18