CVE-2022-1651: Missing Release of Memory after Effective Lifetime in Kernel

Severity
7.1 HIGH (NVD)
OSV: 4.4
EPSS: 0.0% (top 86.50%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 26
Latest update: Jul 27

Description

A memory leak flaw was found in the Linux kernel in the acrn_dev_ioctl function in drivers/virt/acrn/hsm.c, in how the ACRN Device Model emulates virtual NICs in a VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (11 packages)

NVD: linux/linux_kernel 5.12 - 5.15.33 (+2)
Debian: linux/linux_kernel < 5.17.3-1 (+2)
Ubuntu: linux/linux_kernel < 5.15.0-37.39
CVEListV5: linux/linux_kernel, Linux kernel version prior to kernel 5.18 rc1

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-39rf-5f5g-vgx4: A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm (2022-07-27)
OSV: CVE-2022-1651: A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm (2022-07-26)
OSV: linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities (2022-06-08)

📋 Vendor Advisories (4)

Microsoft: A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged (2022-07-12)
Ubuntu: Linux kernel vulnerabilities (2022-06-08)
Red Hat: kernel: A memory leak problem in acrn_dev_ioctl() (2022-03-17)
Debian: CVE-2022-1651: linux - A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the driver... (2022)