#VU94084 Memory leak in Linux kernel
Vulnerability identifier: #VU94084
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/afd5730969aec960a2fee4e5ee839a6014643976
http://git.kernel.org/stable/c/4a3fcf53725b70010d1cf869a2ba549fed6b8fb3
http://git.kernel.org/stable/c/daf341e0a2318b813427d5a78788c86f4a7f02be
http://git.kernel.org/stable/c/61d31ac85b4572d11f8071855c0ccb4f32d76c0c
http://git.kernel.org/stable/c/599a5654215092ac22bfc453f4fd3959c55ea821
http://git.kernel.org/stable/c/0e44d6cbe8de983470c3d2f978649783384fdcb6
http://git.kernel.org/stable/c/f6a99ef4e056c20a138a95cc51332b2b96c8f383
http://git.kernel.org/stable/c/efb9f4f19f8e37fde43dfecebc80292d179f56c6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
