Memory leak in Linux kernel

#VU89946 Memory leak in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-05-30

Vulnerability identifier: #VU89946

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/89df95ce32be204eef2e7d4b2f6fb552fb191a68
http://git.kernel.org/stable/c/a115198caaab6d663bef75823a3c5f0802306d60
http://git.kernel.org/stable/c/6f87c0e21ad20dd3d22108e33db1c552dfa352a0
http://git.kernel.org/stable/c/6bd3d80d1f019cefa7011056c54b323f1d8b8e83
http://git.kernel.org/stable/c/d0760a4ef85697bc756d06eae17ae27f3f055401
http://git.kernel.org/stable/c/91c02557174be7f72e46ed7311e3bea1939840b0

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM QRadar SIEM

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

Memory leak in Linux kernel can usb driver