#VU89960 Memory leak in Linux kernel
Vulnerability identifier: #VU89960
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
http://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
http://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
http://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
http://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
http://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
http://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
http://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
http://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
