#VU94210 Memory leak in Linux kernel - CVE-2024-40997


Vulnerability identifier: #VU94210

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40997

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/448efb7ea0bfa2c4e27c5a2eb5684fd225cd12cd
https://git.kernel.org/stable/c/8015c17fe11a8608cc3eb83d0ab831e1845a9582
https://git.kernel.org/stable/c/cea04f3d9aeebda9d9c063c0dfa71e739c322c81

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Cloud Pak for AIOps
Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in IBM Storage Copy Data Management
Multiple vulnerabilities in IBM Spectrum Protect Plus
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
Red Hat Enterprise Linux 9 update for kernel
Multiple vulnerabilities in IBM Technical Support Appliance