5.5

CVE-2021-47071

uio_hv_generic: Fix a memory leak in error handling paths

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix a memory leak in error handling paths

If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be
updated and 'hv_uio_cleanup()' in the error handling path will not be
able to free the corresponding buffer.

In such a case, we need to free the buffer explicitly.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.4.122
LinuxLinux Kernel Version >= 5.5 < 5.10.40
LinuxLinux Kernel Version >= 5.11 < 5.12.7
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/3ee098f96b8b6c1a98f7f97915f8873164e6af9d
Patch
https://git.kernel.org/stable/c/53486c467e356e06aa37047c984fccd64d78c827
Patch
https://git.kernel.org/stable/c/cdd91637d4ef33e2be19a8e16e72e7d00c996d76
Patch
https://git.kernel.org/stable/c/d84b5e912212b05f6b5bde9f682046accfbe0354
Patch