#VU98860 Memory leak in Linux kernel - CVE-2024-49851
Vulnerability identifier: #VU98860
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_flush_space() function in drivers/char/tpm/tpm2-space.c, within the tpm_dev_transmit() function in drivers/char/tpm/tpm-dev-common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/2c9b228938e9266a1065a3f4fe5c99b7235dc439
http://git.kernel.org/stable/c/ebc4e1f4492d114f9693950621b3ea42b2f82bec
http://git.kernel.org/stable/c/c84ceb546f30432fccea4891163f7050f5bee5dd
http://git.kernel.org/stable/c/82478cb8a23bd4f97935bbe60d64528c6d9918b4
http://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721
http://git.kernel.org/stable/c/3f9f72d843c92fb6f4ff7460d774413cde7f254c
http://git.kernel.org/stable/c/e3aaebcbb7c6b403416f442d1de70d437ce313a7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
