#VU89958 Memory leak in Linux kernel - CVE-2021-47319


Vulnerability identifier: #VU89958

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47319

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtblk_freeze() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a
https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c
https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815
https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f
https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358
https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0
https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae
https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710
https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Secure Connect Gateway
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Memory leak in Linux kernel block driver