7.8

CVE-2021-47087

tee: optee: Fix incorrect page free bug

In the Linux kernel, the following vulnerability has been resolved:

tee: optee: Fix incorrect page free bug

Pointer to the allocated pages (struct page *page) has already
progressed towards the end of allocation. It is incorrect to perform
__free_pages(page, order) using this pointer as we would free any
arbitrary pages. Fix this by stop modifying the page pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.140 < 5.4.169
LinuxLinux Kernel Version >= 5.10.58 < 5.10.89
LinuxLinux Kernel Version >= 5.14 < 5.15.12
LinuxLinux Kernel Version5.16 Updaterc1
LinuxLinux Kernel Version5.16 Updaterc2
LinuxLinux Kernel Version5.16 Updaterc3
LinuxLinux Kernel Version5.16 Updaterc4
LinuxLinux Kernel Version5.16 Updaterc5
LinuxLinux Kernel Version5.16 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.14
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5
Patch
https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a
Patch
https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29
Patch
https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad
Patch