SB2024071301 - Memory leak in Linux kernel misc vmw_vmci driver
Published: July 13, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071301
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-39499)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81
- https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd
- https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3
- https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae
- https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee
- https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8
- https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb
- https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35