5.5

CVE-2021-47190

perf bpf: Avoid memory leak from perf_env__insert_btf()

In the Linux kernel, the following vulnerability has been resolved:

perf bpf: Avoid memory leak from perf_env__insert_btf()

perf_env__insert_btf() doesn't insert if a duplicate BTF id is
encountered and this causes a memory leak. Modify the function to return
a success/error value and then free the memory if insertion didn't
happen.

v2. Adds a return -1 when the insertion error occurs in
    perf_env__fetch_btf. This doesn't affect anything as the result is
    never checked.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.4.162
LinuxLinux Kernel Version >= 5.5 < 5.10.82
LinuxLinux Kernel Version >= 5.11 < 5.15.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.138
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc
Patch
https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f
Patch
https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2
Patch
https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e
Patch