Vigil@nce - Linux kernel: memory leak via CUSE
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local privileged attacker can create a memory leak in CUSE of
the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 1/4.
Creation date: 03/03/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel implements CUSE (Character devices in USErspace)
to allow access to special devices.
However, the memory allocated during the mount operation is never
freed by the cuse_channel_release() function.
A local privileged attacker can therefore create a memory leak in
CUSE of the Linux kernel, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-memory-leak-via-CUSE-19071