#VU89979 Memory leak in Linux kernel
Vulnerability identifier: #VU89979
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
http://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c
http://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951
http://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82
http://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c
http://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
