CVE-2022-48669: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48669 is a memory leak vulnerability discovered in the Linux kernel's powerpc/pseries subsystem. The issue was identified in the paprgetattr() function where a buffer allocation through krealloc() could fail without properly freeing the original buffer. This vulnerability was first disclosed on May 1, 2024 and affects the Linux kernel's PowerPC platform support (NVD).

The vulnerability exists in the paprgetattr() function within the PowerPC pSeries platform code. When krealloc() fails to allocate a new buffer, the original buffer is not properly freed, leading to a memory leak. The issue stems from the original code not handling the failure case of krealloc() correctly. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in memory leaks in the Linux kernel when running on PowerPC pSeries systems. While this does not lead to direct code execution or information disclosure, it can cause system resource depletion over time if triggered repeatedly (Kernel Commit).

The vulnerability has been fixed in the Linux kernel through a patch that properly handles the krealloc() failure case by freeing the original buffer. The fix has been backported to various maintained kernel versions. Users should update their kernel to a patched version. For Ubuntu users, fixes are available in version 6.8.0-35.35 for Ubuntu 24.04 LTS and other affected releases (Ubuntu).