#VU89983 Memory leak in Linux kernel


Published: 2024-05-30

Vulnerability identifier: #VU89983

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35852

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758
http://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d
http://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f
http://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04
http://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab
http://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d
http://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

