#VU102477 Memory leak in Linux kernel - CVE-2024-56779
Published: January 9, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU102477
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-56779
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the release_open_stateid(), spin_lock() and nfsd4_process_open2() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/0ab0a3ad24e970e894abcac58f85c332d1726749
- https://git.kernel.org/stable/c/2d505a801e57428057563762f67a5a62009b2600
- https://git.kernel.org/stable/c/37dfc81266d3a32294524bfadd3396614f8633ee
- https://git.kernel.org/stable/c/45abb68c941ebc9a35c6d3a7b08196712093c636
- https://git.kernel.org/stable/c/6f73f920b7ad0084373e46121d7ac34117aed652
- https://git.kernel.org/stable/c/98100e88dd8865999dc6379a3356cd799795fe7b
- https://git.kernel.org/stable/c/a85364f0d30dee01c5d5b4afa55a9629a8f36d8e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.287