#VU89948 Memory leak in Linux kernel


Vulnerability identifier: #VU89948

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47238

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ip_mc_destroy_dev() function in net/ipv4/igmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422
http://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8
http://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501
http://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758
http://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf733caa076
http://git.kernel.org/stable/c/77de6ee73f54a9a89c0afa0bf4c53b239aa9953a
http://git.kernel.org/stable/c/d8e2973029b8b2ce477b564824431f3385c77083


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability