| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052439-CVE-2021-47543-a01a@gregkh> Date: Fri, 24 May 2024 17:10:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47543: perf report: Fix memory leaks around perf_tip() Description =========== In the Linux kernel, the following vulnerability has been resolved: perf report: Fix memory leaks around perf_tip() perf_tip() may allocate memory or use a literal, this means memory wasn't freed if allocated. Change the API so that literals aren't used. At the same time add missing frees for system_path. These issues were spotted using leak sanitizer. The Linux kernel CVE team has assigned CVE-2021-47543 to this issue. Affected and fixed versions =========================== Fixed in 5.4.164 with commit df5990db088d Fixed in 5.10.84 with commit ff061b5bda73 Fixed in 5.15.7 with commit 71e284dcebec Fixed in 5.16 with commit d9fc706108c1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47543 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: tools/perf/builtin-report.c tools/perf/util/util.c tools/perf/util/util.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/df5990db088d4c7fea9a2f9b8195a7859e1768c4 https://git.kernel.org/stable/c/ff061b5bda73c4f785b4703eeb0848fd99e5608a https://git.kernel.org/stable/c/71e284dcebecb9fd204ff11097469cc547723ad1 https://git.kernel.org/stable/c/d9fc706108c15f8bc2d4ccccf8e50f74830fabd9
Powered by blists - more mailing lists