Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2021-46937

HistoryFeb 27, 2024 - 10:15 a.m.

CVE-2021-46937

2024-02-2710:15:08

CWE-668

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

struct pid

damon debugfs

memory leak

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/dbgfs: fix ‘struct pid’ leaks in ‘dbgfs_target_ids_write()’

DAMON debugfs interface increases the reference counts of 'struct pid’s
for targets from the ‘target_ids’ file write callback
(‘dbgfs_target_ids_write()’), but decreases the counts only in DAMON
monitoring termination callback (‘dbgfs_before_terminate()’).

Therefore, when ‘target_ids’ file is repeatedly written without DAMON
monitoring start/termination, the reference count is not decreased and
therefore memory for the ‘struct pid’ cannot be freed. This commit
fixes this issue by decreasing the reference counts when ‘target_ids’ is
written.

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.15.0–5.15.13

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/ebb3f994dd92f8fb4d70c7541091216c1e10cb71

git.kernel.org/stable/c/ffe4a1ba1a82c416a6b3a09d46594f6a885ae141

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2021-46937