#VU90005 Memory leak in Linux kernel


Published: 2024-05-30

Vulnerability identifier: #VU90005

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083
http://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285
http://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8
http://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579
http://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58
http://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3
http://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a
http://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

