#VU90451 Memory leak in Linux kernel
Vulnerability identifier: #VU90451
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333
http://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4
http://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2
http://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef
http://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d
http://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d
http://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87efb52458
http://git.kernel.org/stable/c/9c23ef30e840fedc66948299509f6c2777c9cf4f
http://git.kernel.org/stable/c/8f94b49a5b5d386c038e355bef6347298aabd211
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
