#VU89945 Memory leak in Linux kernel
Vulnerability identifier: #VU89945
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidtv_mux_init() and vidtv_channel_si_destroy() functions in drivers/media/test-drivers/vidtv/vidtv_mux.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/64863ba8e6b7651d994c6e6d506cc8aa2ac45edb
http://git.kernel.org/stable/c/980be4c3b0d51c0f873fd750117774561c66cf68
http://git.kernel.org/stable/c/a254ee1ddc592ae1efcce96b8c014e1bd2d5a2b4
http://git.kernel.org/stable/c/cb13001411999adb158b39e76d94705eb2da100d
http://git.kernel.org/stable/c/aae7598aff291d4d140be1355aa20930af948785
http://git.kernel.org/stable/c/1fd6eb12642e0c32692924ff359c07de4b781d78
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
