CVE-2021-47467

Summary

In the Linux kernel, the following vulnerability has been resolved:

kunit: fix reference count leak in kfree_at_end

The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the returned resource object, whose refcount increased inside, causing a refcount leak.

Fix this issue by calling kunit_alloc_resource() instead of kunit_alloc_and_get_resource().

Fixed the following when applying: Shuah Khan <skhan@linuxfoundation.org>

CHECK: Alignment should match open parenthesis

  • kunit_alloc_resource(test, NULL, kfree_res_free, GFP_KERNEL, (void *)to_free);

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d71307a6f94df3750f8f884545a769e227172fe < bbdd158b40b66a9403391a517f24ef6613573446affected
LinuxLinux1d71307a6f94df3750f8f884545a769e227172fe < f62314b1ced25c58b86e044fc951cd6a1ea234cfaffected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.14.15 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References