#VU91658 Memory leak in Linux kernel


Published: 2024-06-10

Vulnerability identifier: #VU91658

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47054

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qcom_ebi2_probe() function in drivers/bus/qcom-ebi2.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/a6191e91c10e50bd51db65a00e03d02b6b0cf8c4
http://git.kernel.org/stable/c/94810fc52925eb122a922df7f9966cf3f4ba7391
http://git.kernel.org/stable/c/a399dd80e697a02cfb23e2fc09b87849994043d9
http://git.kernel.org/stable/c/3a76ec28824c01b57aa1f0927841d75e4f167cb8
http://git.kernel.org/stable/c/00f6abd3509b1d70d0ab0fbe65ce5685cebed8be
http://git.kernel.org/stable/c/6b68c03dfc79cd95a58dfd03f91f6e82829a1b0c
http://git.kernel.org/stable/c/c6f8e0dc8da1cd78d640dee392071cc2326ec1b2
http://git.kernel.org/stable/c/ac6ad7c2a862d682bb584a4bc904d89fa7721af8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell Secure Connect Gateway
Memory leak in Linux kernel bus driver