CVE-2005-3181 — Missing Release of Memory after Effective Lifetime in Kernel

CWE-401 — Missing Release of Memory after Effective Lifetime5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 64.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedOct 12

Latest updateMay 1

Description

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDlinux/linux_kernel2.6.0 — 2.6.13.3

▶NVDmandriva/linux10.1, 10.2, 2006.0+2

Also affects: Debian Linux 3.1, Ubuntu Linux 4.10, 5.04

🔴Vulnerability Details

GHSA

GHSA-433r-f7hr-hvfv: The audit system in Linux kernel 2↗2022-05-01

▶

CVEList

CVE-2005-3181: The audit system in Linux kernel 2↗2005-10-11

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-10-07

▶

💬Community

Bugzilla

CVE-2005-3181 security flaw↗2018-08-16

▶