Memory Leak Affecting perf package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-PERF-6354987
- published 2 Mar 2024
- disclosed 1 Mar 2024
Introduced: 1 Mar 2024
CVE-2021-47071 Open this link in a new tabHow to fix?
There is no fixed version for Centos:8
perf
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf
package and not the perf
package as distributed by Centos
.
See How to fix?
for Centos:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix a memory leak in error handling paths
If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer.
In such a case, we need to free the buffer explicitly.
References
- https://access.redhat.com/security/cve/CVE-2021-47071
- https://git.kernel.org/stable/c/3ee098f96b8b6c1a98f7f97915f8873164e6af9d
- https://git.kernel.org/stable/c/53486c467e356e06aa37047c984fccd64d78c827
- https://git.kernel.org/stable/c/cdd91637d4ef33e2be19a8e16e72e7d00c996d76
- https://git.kernel.org/stable/c/d84b5e912212b05f6b5bde9f682046accfbe0354