CVE-2021-47292

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-47292

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47292.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-47292

Downstream

OESA-2024-2080

UBUNTU-CVE-2021-47292

Published

2024-05-21T15:15:17.173Z

Modified

2026-03-15T22:43:10.085257Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

iouring: fix memleak in ioinitwqoffload()

I got memory leak report when doing fuzz test:

BUG: memory leak unreferenced object 0xffff888107310a80 (size 96): comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... backtrace: [<000000001974933b>] kmalloc include/linux/slab.h:591 [inline] [<000000001974933b>] kzalloc include/linux/slab.h:721 [inline] [<000000001974933b>] ioinitwqoffload fs/iouring.c:7920 [inline] [<000000001974933b>] iouringalloctaskcontext+0x466/0x640 fs/io_uring.c:7955 [<0000000039d0800d>] __iouringaddtctxnode+0x256/0x360 fs/iouring.c:9016 [<000000008482e78c>] iouringaddtctxnode fs/iouring.c:9052 [inline] [<000000008482e78c>] __dosysio_uringenter fs/iouring.c:9354 [inline] [<000000008482e78c>] __sesysio_uringenter fs/iouring.c:9301 [inline] [<000000008482e78c>] _x64sysiouringenter+0xabc/0xc20 fs/iouring.c:9301 [<00000000b875f18f>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<00000000b875f18f>] dosyscall64+0x3b/0x90 arch/x86/entry/common.c:80 [<000000006b0a8484>] entrySYSCALL64afterhwframe+0x44/0xae

CPU0 CPU1 iouringenter iouringenter iouringaddtctxnode iouringaddtctxnode __iouringaddtctxnode __iouringaddtctxnode iouringalloctaskcontext iouringalloctaskcontext ioinitwqoffload ioinitwqoffload hash = kzalloc hash = kzalloc ctx->hashmap = hash ctx->hashmap = hash <- one of the hash is leaked

When calling iouringenter() in parallel, the 'hashmap' will be leaked, add uringlock to protect 'hash_map'.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47292.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "5.12"
            },
            {
                "fixed": "5.13.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.14-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.14-rc2"
            }
        ]
    }
]