#VU89988 Memory leak in Linux kernel
Vulnerability identifier: #VU89988
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08
http://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d
http://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30
http://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6
http://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346
http://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a
http://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43
http://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
