CVE-2021-47466 : In the Linux kernel, the following vulnerability has been resolved: mm, slub: f

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.

Published 2024-05-22 06:23:26

Updated 2025-01-07 20:13:42

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47466

Linux » Linux Kernel
Versions from including (>=) 4.8 and before (<) 5.4.156
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.14.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.76
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC1
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC2
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC3
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC4
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC5
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC6
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47466

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47466

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-01-07
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47466

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47466

https://git.kernel.org/stable/c/568f906340b43120abd6fcc67c37396482f85930

mm, slub: fix potential memoryleak in kmem_cache_open() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4f5d1c29cfab5cb0ab885059818751bdef32e2bb

mm, slub: fix potential memoryleak in kmem_cache_open() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/42b81946e3ac9ea0372ba16e05160dc11e02694f

mm, slub: fix potential memoryleak in kmem_cache_open() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/9037c57681d25e4dcc442d940d6dbe24dd31f461

mm, slub: fix potential memoryleak in kmem_cache_open() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47466

Products affected by CVE-2021-47466

Exploit prediction scoring system (EPSS) score for CVE-2021-47466

CVSS scores for CVE-2021-47466

CWE ids for CVE-2021-47466

References for CVE-2021-47466