#VU89991 Memory leak in Linux kernel
Vulnerability identifier: #VU89991
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282
http://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684
http://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b
http://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328
http://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f
http://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce
http://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768dcd565e
http://git.kernel.org/stable/c/4797a3dd46f220e6d83daf54d70c5b33db6deb01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
