#VU98852 Memory leak in Linux kernel - CVE-2024-49881


Vulnerability identifier: #VU98852

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49881

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the get_ext_path() function in fs/ext4/move_extent.c and within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/6766937d0327000ac1b87c97bbecdd28b0dd6599
https://git.kernel.org/stable/c/a9fcb1717d75061d3653ed69365c8d45331815cd
https://git.kernel.org/stable/c/6801ed1298204d16a38571091e31178bfdc3c679
https://git.kernel.org/stable/c/f55ecc58d07a6c1f6d6d5b5af125c25f8da0bda2
https://git.kernel.org/stable/c/b63481b3a388ee2df9e295f97273226140422a42
https://git.kernel.org/stable/c/11b230100d6801c014fab2afabc8bdea304c1b96
https://git.kernel.org/stable/c/5b4b2dcace35f618fe361a87bae6f0d13af31bc1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

