SB20240530111 - Memory leak in Linux kernel util
Published: May 30, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240530111
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2021-47190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_env__insert_bpf_prog_info() function in tools/perf/util/env.h, within the perf_env__fetch_btf() and perf_env__insert_btf() functions in tools/perf/util/bpf-event.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2
- https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc
- https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e
- https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.162