cve-2021-47373
Vulnerability from cvelistv5
Published
2024-05-21 15:03
Modified
2024-11-04 12:04
Severity ?
Summary
irqchip/gic-v3-its: Fix potential VPE leak on error
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:08.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47373",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:38:26.323793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:45.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7d39992d45ac",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            },
            {
              "lessThan": "5701e8bff314",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            },
            {
              "lessThan": "42d3711c2378",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            },
            {
              "lessThan": "568662e37f92",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            },
            {
              "lessThan": "e0c1c2e5da19",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            },
            {
              "lessThan": "280bef512933",
              "status": "affected",
              "version": "7d75bbb4bc1a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/irqchip/irq-gic-v3-its.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.249",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.14.*",
              "status": "unaffected",
              "version": "5.14.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Fix potential VPE leak on error\n\nIn its_vpe_irq_domain_alloc, when its_vpe_init() returns an error,\nthere is an off-by-one in the number of VPEs to be freed.\n\nFix it by simply passing the number of VPEs allocated, which is the\nindex of the loop iterating over the VPEs.\n\n[maz: fixed commit message]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:04:39.942Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b"
        },
        {
          "url": "https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84"
        },
        {
          "url": "https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd"
        }
      ],
      "title": "irqchip/gic-v3-its: Fix potential VPE leak on error",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47373",
    "datePublished": "2024-05-21T15:03:37.789Z",
    "dateReserved": "2024-05-21T14:58:30.810Z",
    "dateUpdated": "2024-11-04T12:04:39.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47373\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T15:15:23.157\",\"lastModified\":\"2024-05-21T16:54:26.047\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nirqchip/gic-v3-its: Fix potential VPE leak on error\\n\\nIn its_vpe_irq_domain_alloc, when its_vpe_init() returns an error,\\nthere is an off-by-one in the number of VPEs to be freed.\\n\\nFix it by simply passing the number of VPEs allocated, which is the\\nindex of the loop iterating over the VPEs.\\n\\n[maz: fixed commit message]\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v3-its: soluciona una posible fuga de VPE en caso de error. En its_vpe_irq_domain_alloc, cuando its_vpe_init() devuelve un error, hay un error de uno en uno en el n\u00famero de VPE. para ser liberado. Solucionelo simplemente pasando el n\u00famero de VPE asignados, que es el \u00edndice del bucle que se itera sobre los VPE. [maz: mensaje de confirmaci\u00f3n fijo]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.