#VU101979 Memory leak in Linux kernel - CVE-2024-56748

Vulnerability identifier: #VU101979

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56748

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5
https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4
https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0
https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b
https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34
https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a
https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329
https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.