Vulnerability identifier: #VU89983
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35852
CWE-ID: CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758
https://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d
https://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f
https://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04
https://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab
https://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d
https://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.