CVE-2021-47190

high

Description

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.

References

https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e

https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2

https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f

https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc

Details

Source: Mitre, NVD

Published: 2024-04-10

Updated: 2024-04-10

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High