CVE-2021-47364

MEDIUM

Linux Kernel 5.8-5.10.69, 5.14.0-5.14.8, 5.15 - Use-After-Free in comedi compat_insnlist

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenwhen `CONFIG_COMPAT` is enabled). It allocates memory to temporarily hold an array of `struct comedi_insn` converted from the 32-bit version in user space. This memory is only being freed if there is a fault while filling the array, otherwise it is leaked. Add a call to `kfree()` to fix the leak.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/8d6a21e4cd6a319b0662cbe4ad6199e276ac776a

Patch

https://git.kernel.org/stable/c/f217b6c1e28ed0b353634ce4d92a155b80bd1671

Patch

https://git.kernel.org/stable/c/bb509a6ffed2c8b0950f637ab5779aa818ed1596

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (10)

Linux/Linux < 5.8

Linux/Linux 5.10.70 - 5.10.*

Linux/Linux 5.14.9 - 5.14.*

Linux/Linux 5.15

Linux/Linux 5.8

Linux/Linux b8d47d8813055ce38c0d2ad913d5462017e52692 - 8d6a21e4cd6a319b0662cbe4ad6199e276ac776a

Linux/Linux b8d47d8813055ce38c0d2ad913d5462017e52692 - bb509a6ffed2c8b0950f637ab5779aa818ed1596

Linux/Linux b8d47d8813055ce38c0d2ad913d5462017e52692 - f217b6c1e28ed0b353634ce4d92a155b80bd1671

linux/linux_kernel 5.15 rc1 (2 CPE variants)

linux/linux_kernel 5.8 - 5.10.70

Published May 21, 2024

Tracked Since Feb 18, 2026