CVE-2021-47295

2024-05-2115:15:17

CWE-400

Linux

web.nvd.nist.gov

linux kernel

vulnerability

memory leak

net:sched

cve-2021-47295

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix memory leak in tcindex_partial_destroy_work

Syzbot reported memory leak in tcindex_set_parms(). The problem was in
non-freed perfect hash in tcindex_partial_destroy_work().

In tcindex_set_parms() new tcindex_data is allocated and some fields from
old one are copied to new one, but not the perfect hash. Since
tcindex_partial_destroy_work() is the destroy function for old
tcindex_data, we need to free perfect hash to avoid memory leak.

Affected configurations

Vulners

Node

linuxlinux_kernelRange3.18–5.4.136

linuxlinux_kernelRange5.5.0–5.10.54

linuxlinux_kernelRange5.11.0–5.13.6

linuxlinux_kernelRange5.14.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sched/cls_tcindex.c"
    ],
    "versions": [
      {
        "version": "331b72922c5f",
        "lessThan": "8d7924ce85ba",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "331b72922c5f",
        "lessThan": "8e9662fde6d6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "331b72922c5f",
        "lessThan": "cac71d27745f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "331b72922c5f",
        "lessThan": "f5051bcece50",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/sched/cls_tcindex.c"
    ],
    "versions": [
      {
        "version": "3.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.136",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.54",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13.6",
        "lessThanOrEqual": "5.13.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]