Vulnerability identifier: #VU101982
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56745
CWE-ID: CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the reset_method_store() function in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1
External links
https://git.kernel.org/stable/c/2985b1844f3f3447f2d938eff1ef6762592065a5
https://git.kernel.org/stable/c/403efb4457c0c8f8f51e904cc57d39193780c6bd
https://git.kernel.org/stable/c/543d0eb40e45c6a51f1bff02f417b602e54472d5
https://git.kernel.org/stable/c/8e098baf6bc3f3a6aefc383509aba07e202f7ee0
https://git.kernel.org/stable/c/931d07ccffcc3614f20aaf602b31e89754e21c59
https://git.kernel.org/stable/c/fe6fae61f3b993160aef5fe2b7141a83872c144f
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.