CVE-2021-47009

Summary

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix memory leak on object td

Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td.

Fixes clang scan-build warning: security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential memory leak [unix.Malloc]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9d83cc1a1e7f494aedee2aa108e801d11525fccf < 31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8affected
LinuxLinux8cfc8d62942105e5df4a20a15b24da077a6b24ef < 1c4031014106aff48e1e686e40101c31eab5d44caffected
LinuxLinux5df16caada3fba3b21cb09b85cdedf99507f4ec1 < 3e24fbd37e72e8a67b74991970fecc82d14f57afaffected
LinuxLinux5df16caada3fba3b21cb09b85cdedf99507f4ec1 < 83a775d5f9bfda95b1c295f95a3a041a40c7f321affected
LinuxLinux5.10.20 < 5.10.38affected
LinuxLinux5.11.3 < 5.11.22affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.10.38 <= 5.10.*unaffected
LinuxLinux5.11.22 <= 5.11.*unaffected
LinuxLinux5.12.5 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References