#VU89966 Memory leak in Linux kernel


Published: 2024-05-30

Vulnerability identifier: #VU89966

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47405

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hid_ctrl() and usbhid_stop() functions in drivers/hid/usbhid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7ce4e49146612261265671b1d30d117139021030
http://git.kernel.org/stable/c/efc5c8d29256955cc90d8d570849b2d6121ed09f
http://git.kernel.org/stable/c/c3156fea4d8a0e643625dff69a0421e872d1fdae
http://git.kernel.org/stable/c/764ac04de056801dfe52a716da63f6e7018e7f3b
http://git.kernel.org/stable/c/965147067fa1bedff3ae1f07ce3f89f1a14d2df3
http://git.kernel.org/stable/c/f7ac4d24e1610b92689946fa88177673f1e88a3f
http://git.kernel.org/stable/c/2b704864c92dcec2b295f276fcfbfb81d9831f81
http://git.kernel.org/stable/c/f7744fa16b96da57187dc8e5634152d3b63d72de


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

