#VU100610 Memory leak in Linux kernel - CVE-2024-50265


Vulnerability identifier: #VU100610

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50265

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ocfs2_xa_remove() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b
https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10
https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692
https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204
https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d
https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c
https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e664c87386
https://git.kernel.org/stable/c/0b63c0e01fba40e3992bc627272ec7b618ccaef7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs to have authentication credentials and to authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

