#VU89962 Memory leak in Linux kernel
Vulnerability identifier: #VU89962
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/c57b2bd3247925e253729dce283d6bf6abc9339d
http://git.kernel.org/stable/c/bbc80a972a3c5d7eba3f6c9c07af8fea42f5c513
http://git.kernel.org/stable/c/b0633051a6cb24186ff04ce1af99c7de18c1987e
http://git.kernel.org/stable/c/021c294dff030f3ba38eb81e400ba123db32ecbc
http://git.kernel.org/stable/c/0edd6759167295ea9969e89283b81017b4c688aa
http://git.kernel.org/stable/c/c57bfd8000d7677bf435873b440eec0c47f73a08
http://git.kernel.org/stable/c/5f3f81f1c96b501d180021c23c25e9f48eaab235
http://git.kernel.org/stable/c/d69b39d89f362cfeeb54a68690768d0d257b2c8f
http://git.kernel.org/stable/c/0a045eac8d0427b64577a24d74bb8347c905ac65
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
