#VU93765 Memory leak in Linux kernel


Published: 2024-07-04

Vulnerability identifier: #VU93765

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26825

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81
http://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf
http://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d
http://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23
http://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895
http://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1
http://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9
http://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

