#VU89963 Memory leak in Linux kernel
Vulnerability identifier: #VU89963
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cma_resolve_ib_route() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b
http://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a
http://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8
http://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f
http://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972
http://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6
http://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939
http://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac
http://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
