5.5

CVE-2026-53210

tee: shm: fix shm leak in register_shm_helper()

In the Linux kernel, the following vulnerability has been resolved:

tee: shm: fix shm leak in register_shm_helper()

register_shm_helper() allocates shm before calling
iov_iter_npages(). If iov_iter_npages() returns 0, the function
jumps to err_ctx_put and leaks shm.

This can be triggered by TEE_IOC_SHM_REGISTER with
struct tee_ioctl_shm_register_data where length is 0.

Jump to err_free_shm instead.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.8 < 6.12.94
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
LinuxLinux Kernel Version7.1 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.027
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/4277759906b44d923a38c8f59f5576501b187b0d
Patch
https://git.kernel.org/stable/c/c10c9c48b2903f41ed4c532043b0576e86228236
Patch
https://git.kernel.org/stable/c/dbf779db927414f5b37c1f666013e9b48a88cfde
Patch
https://git.kernel.org/stable/c/26682f5efc276e3ad96d102019472bfbf03833b2
Patch