5.5

CVE-2021-47009

KEYS: trusted: Fix memory leak on object td

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix memory leak on object td

Two error return paths are neglecting to free allocated object td,
causing a memory leak. Fix this by returning via the error return
path that securely kfree's td.

Fixes clang scan-build warning:
security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential
memory leak [unix.Malloc]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.20 < 5.10.38
LinuxLinux Kernel Version >= 5.11.3 < 5.11.22
LinuxLinux Kernel Version >= 5.12 < 5.12.5
LinuxLinux Kernel Version5.12 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c
Patch
https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8
Patch
https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af
Patch
https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321
Patch