#VU91644 Memory leak in Linux kernel


Published: 2024-06-10

Vulnerability identifier: #VU91644

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26977

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6
http://git.kernel.org/stable/c/6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8
http://git.kernel.org/stable/c/b5d40f02e7222da032c2042aebcf2a07de9b342f
http://git.kernel.org/stable/c/f3749345a9b7295dd071d0ed589634cb46364f77
http://git.kernel.org/stable/c/af280e137e273935f2e09f4d73169998298792ed
http://git.kernel.org/stable/c/7626913652cc786c238e2dd7d8740b17d41b2637


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability