5.5
CVE-2021-47190
- EPSS 0.23%
- Veröffentlicht 10.04.2024 19:15:47
- Zuletzt bearbeitet 07.01.2025 17:11:50
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
perf bpf: Avoid memory leak from perf_env__insert_btf()
In the Linux kernel, the following vulnerability has been resolved:
perf bpf: Avoid memory leak from perf_env__insert_btf()
perf_env__insert_btf() doesn't insert if a duplicate BTF id is
encountered and this causes a memory leak. Modify the function to return
a success/error value and then free the memory if insertion didn't
happen.
v2. Adds a return -1 when the insertion error occurs in
perf_env__fetch_btf. This doesn't affect anything as the result is
never checked.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.1 < 5.4.162
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.82
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc
https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f
https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2
https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e