Resource Leak Affecting kernel-devel package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELDEVEL-6331331
- published 29 Feb 2024
- disclosed 27 Feb 2024
Introduced: 27 Feb 2024
CVE-2021-46968 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7 kernel-devel.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-devel package and not the kernel-devel package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
s390/zcrypt: fix zcard and zqueue hot-unplug memleak
Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with get/put for the embedded kref counter.
This fix now adjusts the handling of the kref counters. With init the kref counter starts with 1. This initial value needs to drop to zero with the unregister of the card or queue to trigger the release and free the object.
References
- https://access.redhat.com/security/cve/CVE-2021-46968
- https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524
- https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599
- https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2
- https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3