#VU94204 Memory leak in Linux kernel - CVE-2024-40932
Vulnerability identifier: #VU94204
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819
https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8
https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003
https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226
https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1
https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224
https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d
https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
