CVE-2021-47364

low

Description

In the Linux kernel, the following vulnerability has been resolved:

comedi: Fix memory leak in compat_insnlist()

`compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (when `CONFIG_COMPAT` is enabled). It allocates memory to temporarily hold an array of `struct comedi_insn` converted from the 32-bit version in user space. This memory is only being freed if there is a fault while filling the array, otherwise it is leaked.

Add a call to `kfree()` to fix the leak.
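A user-space model of the leak pattern described above, as an added example that is not the kernel's code or the upstream patch. The structs, the fixed pool allocator, the "insn == 0 means fault" rule and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for the 32-bit and native instruction layouts. */
struct insn32 { unsigned int insn, n, data; };
struct insn   { unsigned int insn, n; unsigned long data; };

/* Small fixed pool standing in for the allocator, so leaks are countable. */
enum { POOL_SLOTS = 8, MAX_INSNS = 4 };
static struct insn pool[POOL_SLOTS][MAX_INSNS];
static int in_use[POOL_SLOTS], held;

static struct insn *pool_alloc(unsigned int n)
{
    for (int i = 0; n <= (unsigned)MAX_INSNS && i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; held++; return pool[i]; }
    return NULL; /* request too large or pool exhausted */
}
static void pool_free(struct insn *p) { in_use[(p - &pool[0][0]) / MAX_INSNS] = 0; held--; }

/* Models the copy from user space; insn == 0 simulates a fault (constructed rule). */
static int convert_one(struct insn *d, const struct insn32 *s)
{
    d->insn = s->insn; d->n = s->n; d->data = s->data;
    return s->insn == 0 ? -1 : 0;
}

/* fix_applied == 0: array freed only on the fault path (the leak).
 * fix_applied == 1: array also freed once the converted list has been used. */
static int convert_insnlist(const struct insn32 *in, unsigned int n, int fix_applied)
{
    struct insn *tmp = pool_alloc(n);
    if (!tmp) return -2; /* allocation failure */
    for (unsigned int i = 0; i < n; i++)
        if (convert_one(&tmp[i], &in[i])) { pool_free(tmp); return -1; }
    /* ... the converted instructions would be executed here ... */
    if (fix_applied) pool_free(tmp);
    return (int)n;
}

/* Resets the pool, issues `calls` requests, returns the slots still held. */
static int leaked_after(unsigned int calls, int fix_applied, int fault)
{
    struct insn32 in[2] = { {1, 1, 0}, {fault ? 0u : 2u, 1, 0} }; /* constructed */
    memset(in_use, 0, sizeof(in_use)); held = 0;
    for (unsigned int i = 0; i < calls; i++) convert_insnlist(in, 2, fix_applied);
    return held;
}

int main(void) { printf("pre-fix: %d held, fixed: %d held\n", leaked_after(5, 0, 0), leaked_after(5, 1, 0)); return 0; }
```

In this model the pre-fix path keeps one slot per successful request, so the 8-slot pool refuses further requests after eight calls, while the fault path and the fixed path leave nothing held.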

References

https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671

https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596

https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a

Details

Source: Mitre, NVD

Published: 2024-05-21

Updated: 2024-05-21

Risk Information

CVSS v2

Base Score: 2.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:P/I:N/A:P

Severity: Low

CVSS v3

Base Score: 3.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

Severity: Low