CVE-2021-47190

Summary

In the Linux kernel, the following vulnerability has been resolved:

perf bpf: Avoid memory leak from perf_env__insert_btf()

perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen.

v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3792cb2ff43b1b193136a03ce1336462a827d792 < 642fc22210a5e59d40b1e4d56d21ec3effd401f2affected
LinuxLinux3792cb2ff43b1b193136a03ce1336462a827d792 < 11589d3144bc4e272e0aae46ce8156162e99babcaffected
LinuxLinux3792cb2ff43b1b193136a03ce1336462a827d792 < ab7c3d8d81c511ddfb27823fb07081c96422b56eaffected
LinuxLinux3792cb2ff43b1b193136a03ce1336462a827d792 < 4924b1f7c46711762fd0e65c135ccfbcfd6ded1faffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.4.162 <= 5.4.*unaffected
LinuxLinux5.10.82 <= 5.10.*unaffected
LinuxLinux5.15.5 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References