5.5

CVE-2021-47538

rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()

Need to call rxrpc_put_local() for peer candidate before kfree() as it
holds a ref to rxrpc_local.

[DH: v2: Changed to abstract the peer freeing code out into a function]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.82 < 4.19.220
LinuxLinux Kernel Version >= 5.3.9 < 5.4
LinuxLinux Kernel Version >= 5.4.1 < 5.4.164
LinuxLinux Kernel Version >= 5.5 < 5.10.84
LinuxLinux Kernel Version >= 5.11 < 5.15.7
LinuxLinux Kernel Version5.4 Update-
LinuxLinux Kernel Version5.4 Updaterc4
LinuxLinux Kernel Version5.4 Updaterc5
LinuxLinux Kernel Version5.4 Updaterc6
LinuxLinux Kernel Version5.4 Updaterc7
LinuxLinux Kernel Version5.4 Updaterc8
LinuxLinux Kernel Version5.16 Updaterc1
LinuxLinux Kernel Version5.16 Updaterc2
LinuxLinux Kernel Version5.16 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.142
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/3e70e3a72d80b16094faccbe438cd53761c3503a
Patch
https://git.kernel.org/stable/c/60f0b9c42cb80833a03ca57c1c8b078d716e71d1
Patch
https://git.kernel.org/stable/c/913c24af2d13a3fd304462916ee98e298d56bdce
Patch
https://git.kernel.org/stable/c/9469273e616ca8f1b6e3773c5019f21b4c8d828c
Patch
https://git.kernel.org/stable/c/beacff50edbd6c9659a6f15fc7f6126909fade29
Patch