CVE-2021-47655

MEDIUM

Linux Kernel 5.16-5.16.18 - Use-After-Free in venus_helper_alloc_dpb_bufs

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: fixed possible memory leak issue The venus_helper_alloc_dpb_bufs() implementation allows an early return on an error path when checking the id from ida_alloc_min() which would not release the earlier buffer allocation. Move the direct kfree() from the error checking of dma_alloc_attrs() to the common fail path to ensure that allocations are released on all error paths in this function. Addresses-Coverity: 1494120 ("Resource leak")

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/5cedfe8aaf1875a5305897107b7f298db4260019

Patch

https://git.kernel.org/stable/c/55bccafc246b2e64763a155ec454470c07a54a6e

Patch

https://git.kernel.org/stable/c/5f89d05ba93df9c2cdfe493843f93288e55e99eb

Patch

https://git.kernel.org/stable/c/8403fdd775858a7bf04868d43daea0acbe49ddfc

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 13.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (10)

Linux/Linux < 5.16

Linux/Linux 40d87aafee29fb01ce1e1868502fb2059a6a7f34 - 55bccafc246b2e64763a155ec454470c07a54a6e

Linux/Linux 40d87aafee29fb01ce1e1868502fb2059a6a7f34 - 5f89d05ba93df9c2cdfe493843f93288e55e99eb

Linux/Linux 40d87aafee29fb01ce1e1868502fb2059a6a7f34 - 8403fdd775858a7bf04868d43daea0acbe49ddfc

Linux/Linux 5.16

Linux/Linux 5.16.19 - 5.16.*

Linux/Linux 5.17.2 - 5.17.*

Linux/Linux 5.18

Linux/Linux 745e6d8bbe6a6e2e40b1609cea114c129f17031a - 5cedfe8aaf1875a5305897107b7f298db4260019

linux/linux_kernel 5.16 - 5.16.19

Published Feb 26, 2025

Tracked Since Feb 18, 2026