#VU101980 Memory leak in Linux kernel - CVE-2024-56747
Vulnerability identifier: #VU101980
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/10a6fc486ac40a410f0fb84cc15161238eccd20a
https://git.kernel.org/stable/c/20b775cf274cfbfa3da871a1108877e17b8b19e1
https://git.kernel.org/stable/c/4e48e5b26b3edc0e1dd329201ffc924a7a1f9337
https://git.kernel.org/stable/c/95bbdca4999bc59a72ebab01663d421d6ce5775d
https://git.kernel.org/stable/c/a4d2011cbe039b25024831427b60ab91ee247066
https://git.kernel.org/stable/c/b778b5240485106abf665eb509cc01779ed0cb00
https://git.kernel.org/stable/c/bb8b45883eb072adba297922b67d1467082ac880
https://git.kernel.org/stable/c/cfc76acaf2c4b43d1e140f1e4cbde15adb540bc5
https://git.kernel.org/stable/c/eaf92fad1f21be63427920c12f22227e5f757424
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
