SB2025022694 - Memory leak in Linux kernel sysdev xive
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025022694
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2022-49437)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xive_spapr_init() and xive_irq_bitmap_remove_all() functions in arch/powerpc/sysdev/xive/spapr.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1d1fb9618bdd5a5fbf9a9eb75133da301d33721c
- https://git.kernel.org/stable/c/65f11ccdd746e0e7f0b469cc989ba43d4f30ecfe
- https://git.kernel.org/stable/c/6e806485d851986a2445267608f27cb4ba2ed774
- https://git.kernel.org/stable/c/cc62dde2a5f4ba14016fd9caec76f08d388f4b9c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.3