#VU91632 Memory leak in Linux kernel


Published: 2024-06-10

Vulnerability identifier: #VU91632

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47236

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/f12554b0ff639e74612cc01b3b4a049e098d2d65
http://git.kernel.org/stable/c/14184ec5c958b589ba934da7363a2877879204df
http://git.kernel.org/stable/c/1bcacd6088d61c0ac6a990d87975600a81f3247e
http://git.kernel.org/stable/c/f4e6a7f19c82f39b1803e91c54718f0d7143767d
http://git.kernel.org/stable/c/81de2ed06df8b5451e050fe6a318af3263dbff3f
http://git.kernel.org/stable/c/05b2b9f7d24b5663d9b47427fe1555bdafd3ea02
http://git.kernel.org/stable/c/b4f7a9fc9d094c0c4a66f2ad7c37b1dbe9e78f88
http://git.kernel.org/stable/c/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

