CVE-2021-47009

KEYS: trusted: Fix memory leak on object td

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td,
causing a memory leak. Fix this by returning via the error return
path that securely kfree's td. Fixes clang scan-build warning:
security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential
memory leak [unix.Malloc]

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: LLAVES: confiable: corrige la pérdida de memoria en el objeto td. Dos rutas de retorno de error no liberan el objeto asignado td, lo que provoca una pérdida de memoria. Solucione este problema regresando a través de la ruta de retorno de error que segura el td. Corrige la advertencia de clang scan-build: seguridad/claves/trusted-keys/trusted_tpm1.c:496:10: advertencia: Posible pérdida de memoria [unix.Malloc]

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build warning: security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential memory leak [unix.Malloc]

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-27 CVE Reserved
2024-02-28 CVE Published
2024-12-17 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/9d83cc1a1e7f494aedee2aa108e801d11525fccf	Vuln. Introduced
https://git.kernel.org/stable/c/8cfc8d62942105e5df4a20a15b24da077a6b24ef	Vuln. Introduced
https://git.kernel.org/stable/c/5df16caada3fba3b21cb09b85cdedf99507f4ec1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/31c9a4b24d86cbb36ff0d7a085725a3b4f0138c8	2021-05-19
https://git.kernel.org/stable/c/1c4031014106aff48e1e686e40101c31eab5d44c	2021-05-19
https://git.kernel.org/stable/c/3e24fbd37e72e8a67b74991970fecc82d14f57af	2021-05-19
https://git.kernel.org/stable/c/83a775d5f9bfda95b1c295f95a3a041a40c7f321	2021-05-12

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.20 < 5.10.38 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.20 < 5.10.38"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11.3 < 5.11.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11.3 < 5.11.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.12.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.12.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.13"		en		Affected