#VU101984 Memory leak in Linux kernel - CVE-2024-56741


Vulnerability identifier: #VU101984

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56741

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the policy_unpack_test_unpack_strdup_with_null_name(), policy_unpack_test_unpack_strdup_with_name() and policy_unpack_test_unpack_strdup_out_of_bounds() functions in security/apparmor/policy_unpack_test.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/2a9b68f2dc6812bd1b8880b5c00e60203d6f61f6
http://git.kernel.org/stable/c/5354599855a9b5568e05ce686119ee3ff8b19bd5
http://git.kernel.org/stable/c/59a149e7c38e7b76616c8b333fc6aa5b6fb2293c
http://git.kernel.org/stable/c/7290f59231910ccba427d441a6e8b8c6f6112448
http://git.kernel.org/stable/c/89265f88701e54dde255ddf862093baeca57548c
http://git.kernel.org/stable/c/d62ee5739a66644b0e7f11e657d562458cdcdea3
http://git.kernel.org/stable/c/f856246ff6da25c4f8fdd73a9c875e878b085e9f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

