#VU93016 Memory leak in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93016

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31076

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c and within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/a40209d355afe4ed6d533507838c9e5cd70a76d8
http://git.kernel.org/stable/c/f5f4675960609d8c5ee95f027fbf6ce380f98372
http://git.kernel.org/stable/c/6752dfcfff3ac3e16625ebd3f0ad9630900e7e76
http://git.kernel.org/stable/c/9eeda3e0071a329af1eba15f4e57dc39576bb420
http://git.kernel.org/stable/c/e9c96d01d520498b169ce734a8ad1142bef86a30
http://git.kernel.org/stable/c/59f86a2908380d09cdc726461c0fbb8d8579c99f
http://git.kernel.org/stable/c/ebfb16fc057a016abb46a9720a54abf0d4f6abe1
http://git.kernel.org/stable/c/a6c11c0a5235fb144a65e0cb2ffd360ddc1f6c32


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

