#VU100162 Memory leak in Linux kernel - CVE-2024-50236
Vulnerability identifier: #VU100162
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wmi_process_mgmt_tx_comp() and ath10k_wmi_mgmt_tx_clean_up_pending() functions in drivers/net/wireless/ath/ath10k/wmi.c, within the ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/eff818238bedb9c2484c251ec46f9f160911cdc0
http://git.kernel.org/stable/c/6fc9af3df6ca7f3c94774d20f62dc7b49616026d
http://git.kernel.org/stable/c/4112450da7d67b59ccedc2208bae622db17dbcb8
http://git.kernel.org/stable/c/705be2dc45c7f852e211e16bc41a916fab741983
http://git.kernel.org/stable/c/6cc23898e6ba47e976050d3c080b4d2c1add3748
http://git.kernel.org/stable/c/5f5a939759c79e7385946c85e62feca51a18d816
http://git.kernel.org/stable/c/2f6f1e26ac6d2b38e2198a71f81f0ade14d6b07b
http://git.kernel.org/stable/c/e15d84b3bba187aa372dff7c58ce1fd5cb48a076
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
