Bug 1222708 (CVE-2021-47190)

Summary: VUL-0: CVE-2021-47190: kernel: perf bpf: Avoid memory leak from perf_env__insert_btf()
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, mhocko
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/401334/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47190:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-04-12 07:31:53 UTC 
In the Linux kernel, the following vulnerability has been resolved:

perf bpf: Avoid memory leak from perf_env__insert_btf()

perf_env__insert_btf() doesn't insert if a duplicate BTF id is
encountered and this causes a memory leak. Modify the function to return
a success/error value and then free the memory if insertion didn't
happen.

v2. Adds a return -1 when the insertion error occurs in
    perf_env__fetch_btf. This doesn't affect anything as the result is
    never checked.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47190
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47190.mbox
https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2
https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc
https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e
https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f
https://www.cve.org/CVERecord?id=CVE-2021-47190
https://bugzilla.redhat.com/show_bug.cgi?id=2274619
Comment 2 Tony Jones 2024-04-29 11:30:24 UTC 
This is already in SP5 via git-fixes but prior to SP6 we don't maintain userspace packages in kernel-git, rather the userspace package.

Mon Dec  6 21:34:58 UTC 2021 - Tony Jones <tonyj@suse.com>
- Apply latest git-fixes reported against kernel-source:
  
- ASan reports memory leaks while running:
  New patch: perf-bench-Fix-two-memory-leaks-detected-with-ASan.patch
  
>>>> - Resolve memory leak in BPF when attempting to insert duplicate id's
>>>>  New patch: perf-bpf-Avoid-memory-leak-from-perf_env__insert_btf.patch
  
- Resolve failure to execute zstd test on !s390 systems
  New patch: perf-tests-Remove-bash-construct-from-record-zstd_comp_decomp.sh.patch

$ grep 'Git-commit:' perf-bpf-Avoid-memory-leak-from-perf_env__insert_btf.patch
Git-commit: 4924b1f7c46711762fd0e65c135ccfbcfd6ded1f