#VU98854 Memory leak in Linux kernel - CVE-2024-49975
Vulnerability identifier: #VU98854
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0
https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492
https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8
https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8
https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee
https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6
https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
