7.8
CVE-2021-47087
- EPSS 0.23%
- Veröffentlicht 04.03.2024 18:15:07
- Zuletzt bearbeitet 16.01.2025 17:19:57
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
tee: optee: Fix incorrect page free bug
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4.140 < 5.4.169
Linux ≫ Linux Kernel Version >= 5.10.58 < 5.10.89
Linux ≫ Linux Kernel Version >= 5.14 < 5.15.12
Linux ≫ Linux Kernel Version5.16 Updaterc1
Linux ≫ Linux Kernel Version5.16 Updaterc2
Linux ≫ Linux Kernel Version5.16 Updaterc3
Linux ≫ Linux Kernel Version5.16 Updaterc4
Linux ≫ Linux Kernel Version5.16 Updaterc5
Linux ≫ Linux Kernel Version5.16 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.14 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-763 Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5
https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a
https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29
https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad