#VU90002 Memory leak in Linux kernel
Vulnerability identifier: #VU90002
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa
http://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d
http://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5
http://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2
http://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8
http://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc
http://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e
http://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9
http://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
