#VU90431 Memory leak in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90431

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36954

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6
http://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae
http://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd
http://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c
http://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e
http://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574
http://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565
http://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

