CVE-2021-46937
Vulnerability from cvelistv5
Published
2024-02-27 09:44
Modified
2024-12-19 07:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'target_ids' file write callback ('dbgfs_target_ids_write()'), but decreases the counts only in DAMON monitoring termination callback ('dbgfs_before_terminate()'). Therefore, when 'target_ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased and therefore memory for the 'struct pid' cannot be freed. This commit fixes this issue by decreasing the reference counts when 'target_ids' is written.
Impacted products
Vendor Product Version
Linux Linux Version: 5.15
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T15:48:08.860920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:00.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:43.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/dbgfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ffe4a1ba1a82c416a6b3a09d46594f6a885ae141",
              "status": "affected",
              "version": "4bc05954d0076655cfaf6f0135585bdc20cd6b11",
              "versionType": "git"
            },
            {
              "lessThan": "ebb3f994dd92f8fb4d70c7541091216c1e10cb71",
              "status": "affected",
              "version": "4bc05954d0076655cfaf6f0135585bdc20cd6b11",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/damon/dbgfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed.  This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T07:32:09.723Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
        }
      ],
      "title": "mm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46937",
    "datePublished": "2024-02-27T09:44:03.421Z",
    "dateReserved": "2024-02-25T13:45:52.721Z",
    "dateUpdated": "2024-12-19T07:32:09.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46937\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T10:15:08.067\",\"lastModified\":\"2024-11-21T06:34:58.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\\n\\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\\nfor targets from the \u0027target_ids\u0027 file write callback\\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\\n\\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\\nmonitoring start/termination, the reference count is not decreased and\\ntherefore memory for the \u0027struct pid\u0027 cannot be freed.  This commit\\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\\nwritten.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/dbgfs: corrige las fugas de \u0027struct pid\u0027 en \u0027dbgfs_target_ids_write()\u0027 La interfaz DAMON debugfs aumenta los recuentos de referencias de \u0027struct pid\u0027 para los objetivos de la escritura del archivo \u0027target_ids\u0027 devoluci\u00f3n de llamada (\u0027dbgfs_target_ids_write()\u0027), pero disminuye los recuentos solo en la devoluci\u00f3n de llamada de terminaci\u00f3n de monitoreo de DAMON (\u0027dbgfs_before_terminate()\u0027). Por lo tanto, cuando el archivo \u0027target_ids\u0027 se escribe repetidamente sin que DAMON supervise el inicio/terminaci\u00f3n, el recuento de referencias no disminuye y, por lo tanto, no se puede liberar memoria para \u0027struct pid\u0027. Este commit soluciona este problema al disminuir el recuento de referencias cuando se escribe \u0027target_ids\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.0\",\"versionEndExcluding\":\"5.15.13\",\"matchCriteriaId\":\"8CC64BCA-D219-487C-A123-4C470FE30AB2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.