#VU89991 Memory leak in Linux kernel - CVE-2024-27076


Vulnerability identifier: #VU89991

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27076

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282
https://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684
https://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b
https://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328
https://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f
https://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce
https://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768dcd565e
https://git.kernel.org/stable/c/4797a3dd46f220e6d83daf54d70c5b33db6deb01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

