Vulnerability identifier: #VU104274
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the clcdfb_of_vram_setup() function in drivers/video/fbdev/amba-clcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45
External links
https://git.kernel.org/stable/c/2e2e2c71b2642289438392edbf5d08cdbc0b138b
https://git.kernel.org/stable/c/38d245cebf545338a6bc1c7762023de3fbecd7b7
https://git.kernel.org/stable/c/51eb1bb6baeb478538dd4ec6459fd68c44a855b1
https://git.kernel.org/stable/c/6c92711db7c90f78e0b67ac2a8944d0fe7e12d83
https://git.kernel.org/stable/c/8db59df7f5826e104db82cfddbf22a33a151193e
https://git.kernel.org/stable/c/b23789a59fa6f00e98a319291819f91fbba0deb8
https://git.kernel.org/stable/c/bbb2a24e863b6a10129546a0a4ceea2f07deec39
https://git.kernel.org/stable/c/c1c4405222b6fc98c16e8c2aa679c14e41d81465
https://git.kernel.org/stable/c/f2dfb4ab887d67be7d0892ba041d3c8d738d3356
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.