CVE-2021-47190

MEDIUM

Linux Kernel - Use-After-Free in perf_env__insert_btf

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/642fc22210a5e59d40b1e4d56d21ec3effd401f2

Patch

https://git.kernel.org/stable/c/11589d3144bc4e272e0aae46ce8156162e99babc

Patch

https://git.kernel.org/stable/c/ab7c3d8d81c511ddfb27823fb07081c96422b56e

Patch

https://git.kernel.org/stable/c/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 13.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (11)

Linux/Linux < 5.1

Linux/Linux 3792cb2ff43b1b193136a03ce1336462a827d792 - 11589d3144bc4e272e0aae46ce8156162e99babc

Linux/Linux 3792cb2ff43b1b193136a03ce1336462a827d792 - 4924b1f7c46711762fd0e65c135ccfbcfd6ded1f

Linux/Linux 3792cb2ff43b1b193136a03ce1336462a827d792 - 642fc22210a5e59d40b1e4d56d21ec3effd401f2

Linux/Linux 3792cb2ff43b1b193136a03ce1336462a827d792 - ab7c3d8d81c511ddfb27823fb07081c96422b56e

Linux/Linux 5.1

Linux/Linux 5.10.82 - 5.10.*

Linux/Linux 5.15.5 - 5.15.*

Linux/Linux 5.16

Linux/Linux 5.4.162 - 5.4.*

... and 1 more

Published Apr 10, 2024

Tracked Since Feb 18, 2026