CVE-2021-47585

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47585
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47585.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47585
Related
Published
2024-06-19T15:15:53Z
Modified
2024-09-18T03:18:54.239080Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix memory leak in _addinode_ref()

Line 1169 (#3) allocates a memory chunk for victimname by kmalloc(), but when the function returns in line 1184 (#4) victimname allocated by line 1169 (#3) is not freed, which will lead to a memory leak. There is a similar snippet of code in this function as allocating a memory chunk for victim_name in line 1104 (#1) as well as releasing the memory in line 1116 (#2).

We should kfree() victimname when the return value of backrefin_log() is less than zero and before the function returns in line 1184 (#4).

1057 static inline int _addinoderef(struct btrfstranshandle *trans, 1058 struct btrfsroot *root, 1059 struct btrfspath *path, 1060 struct btrfsroot *logroot, 1061 struct btrfsinode *dir, 1062 struct btrfsinode *inode, 1063 u64 inodeobjectid, u64 parentobjectid, 1064 u64 refindex, char *name, int namelen, 1065 int *search_done) 1066 {

1104 victimname = kmalloc(victimnamelen, GFPNOFS); // #1: kmalloc (victimname-1) 1105 if (!victimname) 1106 return -ENOMEM;

1112 ret = backrefinlog(logroot, &searchkey, 1113 parentobjectid, victimname, 1114 victimnamelen); 1115 if (ret < 0) { 1116 kfree(victimname); // #2: kfree (victimname-1) 1117 return ret; 1118 } else if (!ret) {

1169 victimname = kmalloc(victimnamelen, GFPNOFS); // #3: kmalloc (victimname-2) 1170 if (!victimname) 1171 return -ENOMEM;

1180 ret = backrefinlog(logroot, &searchkey, 1181 parentobjectid, victimname, 1182 victimnamelen); 1183 if (ret < 0) { 1184 return ret; // #4: missing kfree (victim_name-2) 1185 } else if (!ret) {

1241 return 0; 1242 }

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.92-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}