#VU93320 Memory leak in Linux kernel


Vulnerability identifier: #VU93320

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16
http://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483
http://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb
http://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e
http://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9
http://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577
http://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8
http://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

