Memory leak in Linux kernel cachefiles



Published: 2024-05-30
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-26840
CWE-ID: CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Memory leak

EUVDB-ID: #VU90005

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083
http://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285
http://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8
http://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579
http://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58
http://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3
http://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a
http://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


