Memory leak in Linux kernel marvell libertas driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-35828 |
| CWE-ID | CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Memory leak
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186
http://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf
http://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7
http://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2
http://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9
http://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3
http://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591
http://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab
http://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
