CVE-2021-47516

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/05/2024
Last modified:
10/06/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nfp: Fix memory leak in nfp_cpp_area_cache_add()<br /> <br /> In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a<br /> CPP area structure. But in line 807 (#2), when the cache is allocated<br /> failed, this CPP area structure is not freed, which will result in<br /> memory leak.<br /> <br /> We can fix it by freeing the CPP area when the cache is allocated<br /> failed (#2).<br /> <br /> 792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size)<br /> 793 {<br /> 794 struct nfp_cpp_area_cache *cache;<br /> 795 struct nfp_cpp_area *area;<br /> <br /> 800 area = nfp_cpp_area_alloc(cpp, NFP_CPP_ID(7, NFP_CPP_ACTION_RW, 0),<br /> 801 0, size);<br /> // #1: allocates and initializes<br /> <br /> 802 if (!area)<br /> 803 return -ENOMEM;<br /> <br /> 805 cache = kzalloc(sizeof(*cache), GFP_KERNEL);<br /> 806 if (!cache)<br /> 807 return -ENOMEM; // #2: missing free<br /> <br /> 817 return 0;<br /> 818 }

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.11 (including) 4.14.258 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.221 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.85 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.8 (excluding)