#VU94213 Memory leak in Linux kernel


Published: 2024-07-13

Vulnerability identifier: #VU94213

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d616876256b38ecf9a1a1c7d674192c5346bc69c
http://git.kernel.org/stable/c/e07a9c2a850cdebf625e7a1b8171bd23a8554313
http://git.kernel.org/stable/c/5391f9db2cab5ef1cb411be1ab7dbec728078fba
http://git.kernel.org/stable/c/280cf1173726a7059b628c610c71050d5c0b6937
http://git.kernel.org/stable/c/a02fd5d775cf9787ee7698c797e20f2fa13d2e2b
http://git.kernel.org/stable/c/b6ebe4fed73eedeb73f4540f8edc4871945474c8
http://git.kernel.org/stable/c/d377f5a28332954b19e373d36823e59830ab1712
http://git.kernel.org/stable/c/0b9130247f3b6a1122478471ff0e014ea96bb735


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

