CVE-2021-47466

mm, slub: fix potential memoryleak in kmem_cache_open()

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this
by using __kmem_cache_release() to release all the relevant resources.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm, slub: corrige una posible pérdida de memoria en kmem_cache_open() En la ruta del error, es posible que se haya filtrado el random_seq del caché slub. Solucione este problema usando __kmem_cache_release() para liberar todos los recursos relevantes.

A potential memory leak was found in the Linux kernel, in kmem_cache_open(). This issue may lead to compromised confidentiality and availability.

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-22 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/210e7a43fa905bccafa9bb5966fba1d71f33eb8b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4f5d1c29cfab5cb0ab885059818751bdef32e2bb	2021-10-27
https://git.kernel.org/stable/c/568f906340b43120abd6fcc67c37396482f85930	2021-10-27
https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f	2021-10-27
https://git.kernel.org/stable/c/9037c57681d25e4dcc442d940d6dbe24dd31f461	2021-10-19

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47466	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2282890	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.156 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.156"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.14.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.14.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15"		en		Affected