CVE-2021-47190

low-risk

Published 2024-04-10

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc

Patch https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f

Patch https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2

Patch https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e

Patch https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc

Patch https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f

Patch https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2

Patch https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal