#VU90475 Memory leak in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90475

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26829

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae
http://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff
http://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef
http://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e
http://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621
http://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110433788e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability