gsd-2021-46937
Vulnerability from gsd
Modified
2024-02-26 06:03
Details
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'
DAMON debugfs interface increases the reference counts of 'struct pid's
for targets from the 'target_ids' file write callback
('dbgfs_target_ids_write()'), but decreases the counts only in DAMON
monitoring termination callback ('dbgfs_before_terminate()').
Therefore, when 'target_ids' file is repeatedly written without DAMON
monitoring start/termination, the reference count is not decreased and
therefore memory for the 'struct pid' cannot be freed. This commit
fixes this issue by decreasing the reference counts when 'target_ids' is
written.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-46937"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed. This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten.",
"id": "GSD-2021-46937",
"modified": "2024-02-26T06:03:52.663954Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2021-46937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4bc05954d007",
"version_value": "ffe4a1ba1a82"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed. This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten."
}
]
},
"generator": {
"engine": "bippy-b01c2a820106"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
},
{
"name": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC64BCA-D219-487C-A123-4C470FE30AB2",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix \u0027struct pid\u0027 leaks in \u0027dbgfs_target_ids_write()\u0027\n\nDAMON debugfs interface increases the reference counts of \u0027struct pid\u0027s\nfor targets from the \u0027target_ids\u0027 file write callback\n(\u0027dbgfs_target_ids_write()\u0027), but decreases the counts only in DAMON\nmonitoring termination callback (\u0027dbgfs_before_terminate()\u0027).\n\nTherefore, when \u0027target_ids\u0027 file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the \u0027struct pid\u0027 cannot be freed. This commit\nfixes this issue by decreasing the reference counts when \u0027target_ids\u0027 is\nwritten."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/dbgfs: corrige las fugas de \u0027struct pid\u0027 en \u0027dbgfs_target_ids_write()\u0027 La interfaz DAMON debugfs aumenta los recuentos de referencias de \u0027struct pid\u0027 para los objetivos de la escritura del archivo \u0027target_ids\u0027 devoluci\u00f3n de llamada (\u0027dbgfs_target_ids_write()\u0027), pero disminuye los recuentos solo en la devoluci\u00f3n de llamada de terminaci\u00f3n de monitoreo de DAMON (\u0027dbgfs_before_terminate()\u0027). Por lo tanto, cuando el archivo \u0027target_ids\u0027 se escribe repetidamente sin que DAMON supervise el inicio/terminaci\u00f3n, el recuento de referencias no disminuye y, por lo tanto, no se puede liberar memoria para \u0027struct pid\u0027. Este commit soluciona este problema al disminuir el recuento de referencias cuando se escribe \u0027target_ids\u0027."
}
],
"id": "CVE-2021-46937",
"lastModified": "2024-04-10T18:59:16.507",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-27T10:15:08.067",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.