Memory leak in Linux kernel bus driver



Published: 2024-06-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47054
CWE-ID: CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Memory leak

EUVDB-ID: #VU91658

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47054

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qcom_ebi2_probe() function in drivers/bus/qcom-ebi2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/a6191e91c10e50bd51db65a00e03d02b6b0cf8c4
http://git.kernel.org/stable/c/94810fc52925eb122a922df7f9966cf3f4ba7391
http://git.kernel.org/stable/c/a399dd80e697a02cfb23e2fc09b87849994043d9
http://git.kernel.org/stable/c/3a76ec28824c01b57aa1f0927841d75e4f167cb8
http://git.kernel.org/stable/c/00f6abd3509b1d70d0ab0fbe65ce5685cebed8be
http://git.kernel.org/stable/c/6b68c03dfc79cd95a58dfd03f91f6e82829a1b0c
http://git.kernel.org/stable/c/c6f8e0dc8da1cd78d640dee392071cc2326ec1b2
http://git.kernel.org/stable/c/ac6ad7c2a862d682bb584a4bc904d89fa7721af8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


