#VU101981 Memory leak in Linux kernel - CVE-2024-56746

Vulnerability identifier: #VU101981

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56746

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0d3fb3b3e9d66f7b6346e3b90bc0ff48683539ce
https://git.kernel.org/stable/c/29216bb390e36daeebef66abaa02d9751330252b
https://git.kernel.org/stable/c/3dd9df8e5f34c6fc4217a7498c1fb3c352d4afc2
https://git.kernel.org/stable/c/40f4326ed05a3b3537556ff2a844958b9e779a98
https://git.kernel.org/stable/c/bad37309c8b8bf1cfc893750df0951a804009ca0
https://git.kernel.org/stable/c/d10cd53e5a7fb3b7c6f83d4d9a5ea1d97a3ed9a5
https://git.kernel.org/stable/c/d48cbfa90dce506030151915fa3346d67f964af4
https://git.kernel.org/stable/c/f4fbd70e15fafe36a7583954ce189aaf5536aeec
https://git.kernel.org/stable/c/f89d17ae2ac42931be2a0153fecbf8533280c927

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.