|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2021-47053: kernel: crypto: sun8i-ss - Fix memory leak of pad | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | gabriele.sonnu, vasant.karasulli |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/395500/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
All affected branches already contain the fix. Closing. The commit from the Fixes tag, upstream commit d9b45418a917 ("crypto: sun8i-ss - support hash algorithms") first appeared in upstream v5.10 and has never been backported manually to any of our branches based on earlier kernel versions. The fix, upstream 50274b01ac16 ("crypto: sun8i-ss - Fix memory leak of pad"), is included in upstream v5.13.
So, judging from the Fixes tagging, none of our kernels has ever been vulnerable, there's no backport accordingly and hence there are no References to amend either AFAICT.
Reassigning back to security-team.
All done, closing. |
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: ("Resource leak") References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47053 https://git.kernel.org/stable/c/d3d702084d125689edb2b9395c707e09b471352e https://www.cve.org/CVERecord?id=CVE-2021-47053 https://git.kernel.org/stable/c/2c67a9333da9d0a3b87310e0d116b7c9070c7b00 https://git.kernel.org/stable/c/50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a https://git.kernel.org/stable/c/c633e025bd04f54d7b33331cfcdb71354b08ce59 https://bugzilla.redhat.com/show_bug.cgi?id=2266720