#VU90012 Memory leak in Linux kernel
Vulnerability identifier: #VU90012
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1
http://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8
http://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74
http://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef
http://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7
http://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745
http://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd
http://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
