CVE-2022-45887: n/a in n/a

Medium
Vulnerability: CVE-2022-45887
Tags: cve, cve-2022-45887, n-a, cwe-362, cwe-772
Published: Fri Nov 25 2022 (11/25/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

AI-Powered Analysis

Last updated: 06/24/2025, 15:26:47 UTC

Technical Analysis

CVE-2022-45887 is a medium-severity vulnerability identified in the Linux kernel versions up to 6.0.9, specifically within the USB driver for the ttusb-dec device (drivers/media/usb/ttusb-dec/ttusb_dec.c). The issue arises due to a memory leak caused by the absence of a call to dvb_frontend_detach, which is responsible for properly releasing resources associated with the DVB frontend device. This memory leak can lead to resource exhaustion over time if the affected driver is repeatedly initialized and torn down without proper cleanup. The vulnerability is categorized under CWE-362 (Race Condition) and CWE-772 (Missing Release of Resource after Effective Lifetime), indicating that improper resource management and potential concurrency issues contribute to the problem. The CVSS v3.1 score is 4.7 (medium), with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, meaning the attack requires local access with low privileges, high attack complexity, no user interaction, and impacts availability only. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, though it is likely that kernel maintainers have addressed or will address this issue in subsequent releases. The vulnerability does not affect confidentiality or integrity but can degrade system availability through memory exhaustion, potentially causing denial of service on affected systems using the ttusb-dec USB device driver.

Potential Impact

For European organizations, the impact of CVE-2022-45887 is primarily related to system availability. Organizations that deploy Linux systems with the affected kernel versions and utilize USB devices relying on the ttusb-dec driver—commonly used for DVB (Digital Video Broadcasting) USB devices—may experience memory leaks leading to degraded performance or system crashes. This can disrupt services dependent on these devices, such as media streaming, broadcasting, or other multimedia applications. While the scope of affected systems is relatively narrow due to the specific driver involved, critical infrastructure or media companies using Linux-based DVB USB devices could face operational interruptions. The requirement for local access and low privileges limits remote exploitation, reducing risk from external attackers but increasing concern for insider threats or compromised internal systems. Given the high attack complexity, exploitation is not trivial, but persistent exploitation attempts could cause denial of service conditions. The lack of impact on confidentiality and integrity reduces risks related to data breaches or unauthorized modifications.

Mitigation Recommendations

To mitigate CVE-2022-45887, European organizations should:

1) Identify Linux systems running kernel versions up to 6.0.9 that have the ttusb-dec driver loaded, particularly those using DVB USB devices.
2) Upgrade the Linux kernel to a version where this vulnerability is patched; monitor kernel release notes and security advisories for updates addressing this issue.
3) If immediate kernel upgrades are not feasible, consider unloading the ttusb-dec driver or disabling the affected USB DVB devices where possible to prevent exploitation.
4) Implement monitoring for unusual memory usage patterns or system instability on affected hosts to detect potential exploitation attempts.
5) Restrict local access to trusted users only, enforce strict privilege separation, and audit local user activities to reduce the risk of exploitation by low-privilege users.
6) Employ system hardening measures such as mandatory access controls (e.g., SELinux, AppArmor) to limit the ability of processes to interact with vulnerable drivers.
7) Maintain up-to-date backups and incident response plans to quickly recover from potential denial of service conditions caused by memory exhaustion.
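A triage script for steps 1 and 3 above, added here as an example (it is not from the advisory or the kernel project): it compares a kernel release against the advisory's "through 6.0.9" range and checks a /proc/modules listing for the driver. The module name `ttusb_dec` is assumed from the source file name, and the sample module list is constructed.

```shell
#!/bin/sh
# Triage for CVE-2022-45887 (added example, not vendor or kernel tooling).
LAST_AFFECTED="6.0.9"   # from the advisory: "through 6.0.9"
MODULE="ttusb_dec"      # assumption: module name follows ttusb_dec.c

# Strip distro suffixes: "5.15.0-91-generic" -> "5.15.0".
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/'
}

# Succeeds when release $1 <= $2, comparing dotted fields numerically
# (a string compare would wrongly rank 6.0.10 below 6.0.9).
version_le() {
    a="$(base_version "$1").0.0"; b="$(base_version "$2").0.0"
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# Succeeds when module $1 is listed in file $2 ("-" reads stdin).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2" 2>/dev/null
}

# Constructed sample in /proc/modules format (not from a real host).
sample_modules() {
    cat <<'EOF'
ttusb_dec 36864 0 - Live 0x0000000000000000
dvb_core 163840 1 ttusb_dec, Live 0x0000000000000000
usbcore 348160 3 ttusb_dec,xhci_hcd, Live 0x0000000000000000
EOF
}

# Prints one verdict for kernel release $1 and module listing $2.
assess() {
    if ! version_le "$1" "$LAST_AFFECTED"; then echo "not-in-advisory-range"
    elif module_loaded "$MODULE" "$2"; then echo "in-range-driver-loaded"
    else echo "in-range-driver-not-loaded"
    fi
}

# Live check on this host.
assess "$(uname -r)" /proc/modules
```

The version comparison is a triage signal only: distribution kernels can carry backported fixes without changing the upstream version string, so confirm patch status against the distribution's own advisory.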

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-25T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d983ec4522896dcbefeff

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 3:26:47 PM

Last updated: 7/26/2025, 8:22:12 AM
