#VU90447 Memory leak in Linux kernel - CVE-2024-35828
Vulnerability identifier: #VU90447
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186
http://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf
http://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7
http://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2
http://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9
http://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3
http://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23edabaf591
http://git.kernel.org/stable/c/8e243ac649c10922a6b4855170eaefe4c5b3faab
http://git.kernel.org/stable/c/5f0e4aede01cb01fa633171f0533affd25328c3a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
