#VU89960 Memory leak in Linux kernel - CVE-2021-47330

Vulnerability identifier: #VU89960

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47330

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/b5a2799cd62ed30c81b22c23028d9ee374e2138c
https://git.kernel.org/stable/c/331f5923fce4f45b8170ccf06c529e8eb28f37bc
https://git.kernel.org/stable/c/34f4590f5ec9859ea9136249f528173d150bd584
https://git.kernel.org/stable/c/cddee5c287e26f6b2ba5c0ffdfc3a846f2f10461
https://git.kernel.org/stable/c/ee16bed959862a6de2913f71a04cb563d7237b67
https://git.kernel.org/stable/c/7a80f71601af015856a0aeb1e3c294037ac3dd32
https://git.kernel.org/stable/c/c39cf4df19acf0133fa284a8cd83fad42cd13cc2
https://git.kernel.org/stable/c/b2ef1f5de40342de44fc5355321595f91774dab5
https://git.kernel.org/stable/c/fad92b11047a748c996ebd6cfb164a63814eeb2e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.