Bug 1224974 (CVE-2021-47298) - VUL-0: CVE-2021-47298: kernel: bpf, sockmap: Fix potential memory leak on unlikely error case
Summary: VUL-0: CVE-2021-47298: kernel: bpf, sockmap: Fix potential memory leak on unl...
Status: RESOLVED FIXED
Alias: CVE-2021-47298
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/406932/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47298:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 12:35 UTC by SMASH SMASH
Modified: 2024-06-12 11:57 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-22 12:35:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix potential memory leak on unlikely error case

If skb_linearize is needed and fails we could leak a msg on the error
handling. To fix ensure we kfree the msg block before returning error.
Found during code review.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47298
https://www.cve.org/CVERecord?id=CVE-2021-47298
https://git.kernel.org/stable/c/6c508a1c6c62793dc6e6872cad4b200097bab7c9
https://git.kernel.org/stable/c/715f378f42909c401ec043f5150c4fdf57fb8889
https://git.kernel.org/stable/c/7e6b27a69167f97c56b5437871d29e9722c3e470
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2021/CVE-2021-47298.mbox
Comment 2 Shung-Hsi Yu 2024-05-30 13:25:24 UTC 
7e6b27a69167 ("bpf, sockmap: Fix potential memory leak on unlikely error case") merged v5.14-rc3~30^2~38^2~3
Fixes: 4363023d2668 ("bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list") merged v5.10-rc5~24^2^2~3

No backport needed, all branches either does not have buggy commit or already has the fix.

Reassigning back to security team.
Comment 3 Gabriele Sonnu 2024-06-12 11:57:34 UTC 
All done, closing.