#VU102477 Memory leak in Linux kernel - CVE-2024-56779
Vulnerability identifier: #VU102477
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0ab0a3ad24e970e894abcac58f85c332d1726749
https://git.kernel.org/stable/c/2d505a801e57428057563762f67a5a62009b2600
https://git.kernel.org/stable/c/37dfc81266d3a32294524bfadd3396614f8633ee
https://git.kernel.org/stable/c/45abb68c941ebc9a35c6d3a7b08196712093c636
https://git.kernel.org/stable/c/6f73f920b7ad0084373e46121d7ac34117aed652
https://git.kernel.org/stable/c/98100e88dd8865999dc6379a3356cd799795fe7b
https://git.kernel.org/stable/c/a85364f0d30dee01c5d5b4afa55a9629a8f36d8e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
