CVE-2021-47071

Summary

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix a memory leak in error handling paths

If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer.

In such a case, we need to free the buffer explicitly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcdfa835c6e5e87d145f9f632b58843de97509f2b < cdd91637d4ef33e2be19a8e16e72e7d00c996d76affected
LinuxLinuxcdfa835c6e5e87d145f9f632b58843de97509f2b < d84b5e912212b05f6b5bde9f682046accfbe0354affected
LinuxLinuxcdfa835c6e5e87d145f9f632b58843de97509f2b < 53486c467e356e06aa37047c984fccd64d78c827affected
LinuxLinuxcdfa835c6e5e87d145f9f632b58843de97509f2b < 3ee098f96b8b6c1a98f7f97915f8873164e6af9daffected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.122 <= 5.4.*unaffected
LinuxLinux5.10.40 <= 5.10.*unaffected
LinuxLinux5.12.7 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References