CVE-2021-47087

Summary

In the Linux kernel, the following vulnerability has been resolved:

tee: optee: Fix incorrect page free bug

Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3c712f14d8a9354a8807c15c64c8dd334499cc42 < 806142c805cacd098e61bdc0f72c778a2389fe4aaffected
LinuxLinux1340dc3fb75ea69221f4f5dcb0cbace55ad0331c < ad338d825e3f7b96ee542bf313728af2d19fe9adaffected
LinuxLinuxec185dd3ab257dc2a60953fdf1b6622f524cc5b7 < 91e94e42f6fc49635f1a16d8ae3f79552bcfda29affected
LinuxLinuxec185dd3ab257dc2a60953fdf1b6622f524cc5b7 < 18549bf4b21c739a9def39f27dcac53e27286ab5affected
LinuxLinux255e17923b22cb7abd026e044416d61f6bd0eec0affected
LinuxLinux5.4.140 < 5.4.169affected
LinuxLinux5.10.58 < 5.10.89affected
LinuxLinux5.13.10 < 5.14affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.4.169 <= 5.4.*unaffected
LinuxLinux5.10.89 <= 5.10.*unaffected
LinuxLinux5.15.12 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References