#VU90005 Memory leak in Linux kernel - CVE-2024-26840


Vulnerability identifier: #VU90005

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083
https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285
https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8
https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579
https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58
https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3
https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a
https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

