CVE-2021-47655

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: venus: vdec: fixed possible memory leak issue

The venus_helper_alloc_dpb_bufs() implementation allows an early return on an error path when checking the id from ida_alloc_min() which would not release the earlier buffer allocation.

Move the direct kfree() from the error checking of dma_alloc_attrs() to the common fail path to ensure that allocations are released on all error paths in this function.

Addresses-Coverity: 1494120 ("Resource leak")

Affected Software

VendorProductVersion RangeStatus
LinuxLinux745e6d8bbe6a6e2e40b1609cea114c129f17031a < 5cedfe8aaf1875a5305897107b7f298db4260019affected
LinuxLinux40d87aafee29fb01ce1e1868502fb2059a6a7f34 < 55bccafc246b2e64763a155ec454470c07a54a6eaffected
LinuxLinux40d87aafee29fb01ce1e1868502fb2059a6a7f34 < 5f89d05ba93df9c2cdfe493843f93288e55e99ebaffected
LinuxLinux40d87aafee29fb01ce1e1868502fb2059a6a7f34 < 8403fdd775858a7bf04868d43daea0acbe49ddfcaffected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux5.16.19 <= 5.16.*unaffected
LinuxLinux5.17.2 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References