Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-47537
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-24 May, 2024 | 15:09
Updated At-04 May, 2025 | 07:13
Rejected At-
▼CVE Numbering Authority (CNA)
octeontx2-af: Fix a memleak bug in rvu_mbox_init()

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and confirms that the inconsistent operations are not recovered in the current function or the callers, so they constitute bugs. Note that, as a bug found by static analysis, it can be a false positive or hard to trigger. Multiple researchers have cross-reviewed the bug. Builds with CONFIG_OCTEONTX2_AF=y show no new warnings, and our static analyzer no longer warns about this code.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/ethernet/marvell/octeontx2/af/rvu.c
Default Status
unaffected
Versions
Affected
  • From 98c5611163603d3d8012b1bf64ab48fd932cf734 before 1c0ddef45b7e3dbe3ed073695d20faa572b7056a (git)
  • From 98c5611163603d3d8012b1bf64ab48fd932cf734 before e07a097b4986afb8f925d0bb32612e1d3e88ce15 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/ethernet/marvell/octeontx2/af/rvu.c
Default Status
affected
Versions
Affected
  • 5.12
Unaffected
  • From 0 before 5.12 (semver)
  • From 5.15.7 through 5.15.* (semver)
  • From 5.16 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/1c0ddef45b7e3dbe3ed073695d20faa572b7056a
N/A
https://git.kernel.org/stable/c/e07a097b4986afb8f925d0bb32612e1d3e88ce15
N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/1c0ddef45b7e3dbe3ed073695d20faa572b7056a
x_transferred
https://git.kernel.org/stable/c/e07a097b4986afb8f925d0bb32612e1d3e88ce15
x_transferred
Details not found