Memory leak in Linux kernel

#VU89927 Memory leak in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-05-30

Vulnerability identifier: #VU89927

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36942

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qca_download_firmware() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9
http://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a
http://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f
http://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3
http://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Memory leak in Linux kernel bluetooth