CVE-2021-47087

tee: optee: Fix incorrect page free bug

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tee: optee: Fix incorrect page free bug

Pointer to the allocated pages (struct page *page) has already
progressed towards the end of allocation. It is incorrect to perform
__free_pages(page, order) using this pointer as we would free any
arbitrary pages. Fix this by stop modifying the page pointer.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tee: optee: corrige el error de liberación de página incorrecta. El puntero a las páginas asignadas (página de estructura *página) ya ha avanzado hacia el final de la asignación. Es incorrecto ejecutar __free_pages(page, order) usando este puntero ya que liberaríamos páginas arbitrarias. Solucione este problema dejando de modificar el puntero de la página.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-29 CVE Reserved
2024-03-04 CVE Published
2024-03-05 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/3c712f14d8a9354a8807c15c64c8dd334499cc42	Vuln. Introduced
https://git.kernel.org/stable/c/1340dc3fb75ea69221f4f5dcb0cbace55ad0331c	Vuln. Introduced
https://git.kernel.org/stable/c/ec185dd3ab257dc2a60953fdf1b6622f524cc5b7	Vuln. Introduced
https://git.kernel.org/stable/c/255e17923b22cb7abd026e044416d61f6bd0eec0	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a	2021-12-29
https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad	2021-12-29
https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29	2021-12-29
https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5	2021-12-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.140 < 5.4.169 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.140 < 5.4.169"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.58 < 5.10.89 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.58 < 5.10.89"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.13.10 Search vendor "Linux" for product "Linux Kernel" and version "5.13.10"		en		Affected