Vulnerability Details : CVE-2021-47367
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix pages leaking when building skb in big mode
We try to use build_skb() if we had sufficient tailroom. But we forget
to release the unused pages chained via private in big mode which will
leak pages. Fixing this by release the pages after building the skb in
big mode.
Products affected by CVE-2021-47367
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-47367
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-47367
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-07-03 |
CWE ids for CVE-2021-47367
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2021-47367
-
https://git.kernel.org/stable/c/f020bb63b5d2e5576acadd10e158fe3b04af67ba
virtio-net: fix pages leaking when building skb in big mode - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/afd92d82c9d715fb97565408755acad81573591a
virtio-net: fix pages leaking when building skb in big mode - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to