5.5

CVE-2021-46968

EPSS 0.02%
Published 27.02.2024 19:04:07
Last modified 08.01.2025 16:50:33
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

s390/zcrypt: fix zcard and zqueue hot-unplug memleak

Tests with kvm and a kmemdebug kernel showed, that on hot unplug the
zcard and zqueue structs for the unplugged card or queue are not
properly freed because of a mismatch with get/put for the embedded
kref counter.

This fix now adjusts the handling of the kref counters. With init the
kref counter starts with 1. This initial value needs to drop to zero
with the unregister of the card or queue to trigger the release and
free the object.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10 < 5.10.36

Linux ≫ Linux Kernel Version >= 5.11 < 5.11.20

Linux ≫ Linux Kernel Version >= 5.12 < 5.12.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524

Patch

https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599

Patch

https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2

Patch

https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-46968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-46968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-46968

EUVD