Bugzilla – Bug 1184205
VUL-0: CVE-2021-29649: kernel-source-rt,kernel-source-azure,kernel-source: user mode driver (UMD) has a copy_process() memory leak
Last modified: 2022-06-09 08:43:06 UTC
CVE-2021-29649

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29649
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
The target, d71fa5c9763c, wasn't backported to SLE15-SP3, so the SLE kernel is probably not affected.
f60a85cad677:
> Fixes: d71fa5c9763c ("bpf: Add kernel module with user mode driver that populates bpffs.")

Only seems to affect v5.10 and newer

(In reply to Gary Ching-Pang Lin from comment #1)
> The target, d71fa5c9763c, wasn't backported to SLE15-SP3, so the SLE kernel
> is probably not affected.

Sorry, got distracted and was too slow to answer :)
I agree, only seems to affect v5.10 and newer
(In reply to Robert Frohl from comment #2)
> I agree, only seems to affect v5.10 and newer

updated tracking to reflect this
The stable tree has been upgraded to 5.11.11, which contains the fix. On the other hand, the fix has been merged into mainline since 5.12-rc5. The master was upgraded to v5.12-rc6 recently, so both stable and master trees have the fix now.
Done, closing.