CVE-2021-29649

Published: Mar 30, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

Affected (4)

Products: Linux: Linux Kernel · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.11.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (10)

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZGMUP6QEHJJEKPMLKOSPWYMW7PXFC2M/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTADK5ELGTATGW2RK3K5MBJ2WGYCPZCM/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRNELXLVFDY6Y5XDMWLIH3VKIMQXLLR/

Source: cve@mitre.org

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11