CVE-2021-47087

HIGH

Linux kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. Fix this by stop modifying the page pointer.

References (4)

[Patch] https://git.kernel.org/stable/c/18549bf4b21c739a9def39f27dcac53e27286ab5

[Patch] https://git.kernel.org/stable/c/806142c805cacd098e61bdc0f72c778a2389fe4a

[Patch] https://git.kernel.org/stable/c/91e94e42f6fc49635f1a16d8ae3f79552bcfda29

[Patch] https://git.kernel.org/stable/c/ad338d825e3f7b96ee542bf313728af2d19fe9ad

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-763

Status published

Products (2)

linux/linux_kernel 5.16 rc1 (6 CPE variants)

linux/linux_kernel 5.4.140 - 5.4.169

Published Mar 04, 2024

Tracked Since Feb 18, 2026