#VU90444 Memory leak in Linux kernel
Vulnerability identifier: #VU90444
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf
http://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a
http://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5
http://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6
http://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876
http://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
