#VU90471 Memory leak in Linux kernel - CVE-2024-26839
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90471
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26839
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3
- https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8
- https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7
- https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25
- https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b
- https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896
- https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a
- https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.150
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8