SB2024061083 - Memory leak in Linux kernel microchip wilc1000 driver
Published: June 10, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024061083
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-27391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wilc_netdev_ifc_init() function in drivers/net/wireless/microchip/wilc1000/netdev.c, within the wilc_cfg80211_init() function in drivers/net/wireless/microchip/wilc1000/cfg80211.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/515cc676dfbce40d93c92b1ff3c1070e917f4e52
- https://git.kernel.org/stable/c/4041c60a9d543b3ad50225385b072ba68e96166e
- https://git.kernel.org/stable/c/90ae293d1d255f622318fce6eeea2e18f9fde5c1
- https://git.kernel.org/stable/c/9ab0c303ccabfd6bdce14432792d41090070008c
- https://git.kernel.org/stable/c/328efda22af81130c2ad981c110518cb29ff2f1d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2