Vulnerability identifier: #VU96408
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the int3400_notify() function in drivers/thermal/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f0ddc5184b0127038d05008e2a69f89d1e13f980
http://git.kernel.org/stable/c/c3fa6d1937a8d0828131a04ae2cd2c30d0668693
http://git.kernel.org/stable/c/2e798814e01827871938ff172d2b2ccf1e74b355
http://git.kernel.org/stable/c/e098933866f9e1dd3ef4eebbe2e3d504f970f599
http://git.kernel.org/stable/c/ba9efbbf6745750d34c1e87c9539ce9db645ca0a
http://git.kernel.org/stable/c/33c73a4d7e7b19313a6b417152f5365016926418
http://git.kernel.org/stable/c/3abea10e6a8f0e7804ed4c124bea2d15aca977c8
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.