#VU89967 Memory leak in Linux kernel
Vulnerability identifier: #VU89967
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/25e9f88c7e3cc35f5e3d3db199660d28a15df639
http://git.kernel.org/stable/c/2250392d930bd0d989f24d355d6355b0150256e7
http://git.kernel.org/stable/c/f4f502a04ee1e543825af78f47eb7785015cd9f6
http://git.kernel.org/stable/c/2397b9e118721292429fea8807a698e71b94795f
http://git.kernel.org/stable/c/414bb4ead1362ef2c8592db723c017258f213988
http://git.kernel.org/stable/c/0d2dd40a7be61b89a7c99dae8ee96389d27b413a
http://git.kernel.org/stable/c/064c2616234a7394867c924b5c1303974f3a4f4d
http://git.kernel.org/stable/c/ca6e11c337daf7925ff8a2aac8e84490a8691905
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
