CVE-2021-47364

UNKNOWN

Published 2024-05-21T15:03:31.852Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-47364. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

comedi: Fix memory leak in compat_insnlist()

`compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST`
ioctl (whenwhen `CONFIG_COMPAT` is enabled). It allocates memory to
temporarily hold an array of `struct comedi_insn` converted from the
32-bit version in user space. This memory is only being freed if there
is a fault while filling the array, otherwise it is leaked.

Add a call to `kfree()` to fix the leak.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

b8d47d8813055ce38c0d2ad913d5462017e52692 b8d47d8813055ce38c0d2ad913d5462017e52692 b8d47d8813055ce38c0d2ad913d5462017e52692

Linux

Affected Versions:

5.8 0 5.10.70 5.14.9 5.15

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-cc8f-64j2-hxm7

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenwhen `CONFIG_COMPAT` is enabled). It allocates memory to temporarily hold an array of `struct comedi_insn` converted from the 32-bit version in user space. This memory is only being freed if there is a fault while filling the array, otherwise it is leaked. Add a call to `kfree()` to fix the leak.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-47364

WEB https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a

WEB https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596

WEB https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671

Advisory provided by GitHub Security Advisory Database. Published: May 21, 2024, Modified: December 26, 2024

References

https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a

https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671

https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596

Published: 2024-05-21T15:03:31.852Z

Last Modified: 2025-05-04T07:09:25.272Z

Copied to clipboard!

CVE-2021-47364

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!