5.5

CVE-2021-47364

comedi: Fix memory leak in compat_insnlist()

In the Linux kernel, the following vulnerability has been resolved:

comedi: Fix memory leak in compat_insnlist()

`compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST`
ioctl (whenwhen `CONFIG_COMPAT` is enabled).  It allocates memory to
temporarily hold an array of `struct comedi_insn` converted from the
32-bit version in user space.  This memory is only being freed if there
is a fault while filling the array, otherwise it is leaked.

Add a call to `kfree()` to fix the leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.8 < 5.10.70
LinuxLinux Kernel Version >= 5.11 < 5.14.9
LinuxLinux Kernel Version5.15 Updaterc1
LinuxLinux Kernel Version5.15 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a
Patch
https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596
Patch
https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671
Patch