#VU87987 Memory leak in Linux kernel


Published: 2024-04-02

Vulnerability identifier: #VU87987

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36777

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275
http://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f
http://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98
http://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b
http://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749
http://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066
http://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82
http://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for kernel-rt
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell Secure Connect Gateway
openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
Denial of service in Linux kernel dvbdev driver