#VU92886 Memory leak in Linux kernel
Vulnerability identifier: #VU92886
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fanout_add() and packet_create() functions in net/packet/af_packet.c, within the ptype_seq_show() function in net/core/net-procfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779
http://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908
http://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7
http://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54
http://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092
http://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6
http://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b
http://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee
http://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
