Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-26840 |
CWE-ID | CWE-401 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083
http://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285
http://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8
http://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579
http://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58
http://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3
http://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a
http://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.