FKIE_CVE-2021-47009

Vulnerability from fkie_nvd - Published: 2024-02-28 09:15 - Updated: 2024-12-09 18:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build warning: security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential memory leak [unix.Malloc]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57afPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57afPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 5.12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F680366A-DA31-428F-A674-7B537D57FB09",
              "versionEndExcluding": "5.10.38",
              "versionStartIncluding": "5.10.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73DB134-2F95-4413-88CE-82009EAAC844",
              "versionEndExcluding": "5.11.22",
              "versionStartIncluding": "5.11.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B",
              "versionEndExcluding": "5.12.5",
              "versionStartIncluding": "5.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "07875739-0CCB-4F48-9330-3D4B6A4064FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix memory leak on object td\n\nTwo error return paths are neglecting to free allocated object td,\ncausing a memory leak. Fix this by returning via the error return\npath that securely kfree\u0027s td.\n\nFixes clang scan-build warning:\nsecurity/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential\nmemory leak [unix.Malloc]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: LLAVES: confiable: corrige la p\u00e9rdida de memoria en el objeto td. Dos rutas de retorno de error no liberan el objeto asignado td, lo que provoca una p\u00e9rdida de memoria. Solucione este problema regresando a trav\u00e9s de la ruta de retorno de error que segura el td. Corrige la advertencia de clang scan-build: seguridad/claves/trusted-keys/trusted_tpm1.c:496:10: advertencia: Posible p\u00e9rdida de memoria [unix.Malloc]"
    }
  ],
  "id": "CVE-2021-47009",
  "lastModified": "2024-12-09T18:24:16.137",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-28T09:15:38.610",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.