CVE-2007-5494 — Missing Release of Memory after Effective Lifetime in Redhat Enterprise Linux

CWE-3994 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 74.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux

Timeline

PublishedNov 30

Latest updateMay 1

Description

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages0 packages

Also affects: Enterprise Linux 4.0, 5.0

🔴Vulnerability Details

GHSA

GHSA-q2pp-wpvj-9w74: Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service↗2022-05-01

▶

📋Vendor Advisories

Red Hat

open(O_ATOMICLOOKUP) leaks dentry↗2007-11-29

▶

💬Community

Bugzilla

CVE-2007-5494 open(O_ATOMICLOOKUP) leaks dentry↗2007-10-02

▶