Memory leak in Linux kernel

#VU89382 Memory leak in Linux kernel

Published: 2024-05-13

Vulnerability identifier: #VU89382

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52610

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4
http://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4
http://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97
http://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441
http://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for kernel-rt

Red Hat Enterprise Linux 9 update for kernel

Memory leak in Linux kernel scheduler