#VU90450 Memory leak in Linux kernel - CVE-2024-27078


Vulnerability identifier: #VU90450

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77
https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79
https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28
https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511
https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d
https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941
https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09
https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7
https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

