#VU68552 Memory leak in Linux kernel - CVE-2021-30002


Vulnerability identifier: #VU68552

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-30002

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 5.11.3

External links
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3
https://bugzilla.suse.com/show_bug.cgi?id=1184120
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Red Hat Enterprise Linux 8.6 Extended Update Support update for kernel
Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.6
Multiple vulnerabilities in OpenShift Logging 5.5
Multiple vulnerabilities in Openshift Logging 5.3
Red Hat Enterprise Linux 8 update for kernel-rt
Red Hat Enterprise Linux 8 update for kernel
Multiple vulnerabilities in Oracle Linux
Multiple vulnerabilities in Oracle VM Server for x86
openEuler 20.03 LTS SP1 update for kernel