The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.00153
Percentile: 0.36751

CVSS Scoring

Mapped CWE(s)

• CWE-401 : Missing Release of Memory after Effective Lifetime

Affected Products

• cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
• cpe:2.3:o:mandriva:linux:10.1:*:*:*:*:*:*:*
• cpe:2.3:o:mandriva:linux:10.2:*:*:*:*:*:*:*
• cpe:2.3:o:mandriva:linux:2006.0:*:*:*:*:*:*:*

← Back to Home