#VU96290 Memory leak in Linux kernel - CVE-2024-43861

Vulnerability identifier: #VU96290

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43861

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
http://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662
http://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4
http://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5
http://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f
http://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446
http://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384
http://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43a001882
http://git.kernel.org/stable/c/7ab107544b777c3bd7feb9fe447367d8edd5b202

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.