Vulnerability identifier: #VU89983
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/51cefc9da400b953fee749c9e5d26cd4a2b5d758
http://git.kernel.org/stable/c/857ed800133ffcfcee28582090b63b0cbb8ba59d
http://git.kernel.org/stable/c/63d814d93c5cce4c18284adc810028f28dca493f
http://git.kernel.org/stable/c/5bfe7bf9656ed2633718388f12b7c38b86414a04
http://git.kernel.org/stable/c/de1aaefa75be9d0ec19c9a3e0e2f9696de20c6ab
http://git.kernel.org/stable/c/d72dd6fcd7886d0523afbab8b4a4b22d17addd7d
http://git.kernel.org/stable/c/fb4e2b70a7194b209fc7320bbf33b375f7114bd5
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.