nvd-json-data-feeds/CVE-2021/CVE-2021-470xx/CVE-2021-47089.json

{
  "id": "CVE-2021-47089",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-03-04T18:15:07.560",
  "lastModified": "2024-10-31T14:35:02.470",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkfence: fix memory leak when cat kfence objects\n\nHulk robot reported a kmemleak problem:\n\n    unreferenced object 0xffff93d1d8cc02e8 (size 248):\n      comm \"cat\", pid 23327, jiffies 4624670141 (age 495992.217s)\n      hex dump (first 32 bytes):\n        00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00  .@..............\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n      backtrace:\n         seq_open+0x2a/0x80\n         full_proxy_open+0x167/0x1e0\n         do_dentry_open+0x1e1/0x3a0\n         path_openat+0x961/0xa20\n         do_filp_open+0xae/0x120\n         do_sys_openat2+0x216/0x2f0\n         do_sys_open+0x57/0x80\n         do_syscall_64+0x33/0x40\n         entry_SYSCALL_64_after_hwframe+0x44/0xa9\n    unreferenced object 0xffff93d419854000 (size 4096):\n      comm \"cat\", pid 23327, jiffies 4624670141 (age 495992.217s)\n      hex dump (first 32 bytes):\n        6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30  kfence-#250: 0x0\n        30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d  0000000754bda12-\n      backtrace:\n         seq_read_iter+0x313/0x440\n         seq_read+0x14b/0x1a0\n         full_proxy_read+0x56/0x80\n         vfs_read+0xa5/0x1b0\n         ksys_read+0xa0/0xf0\n         do_syscall_64+0x33/0x40\n         entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nI find that we can easily reproduce this problem with the following\ncommands:\n\n\tcat /sys/kernel/debug/kfence/objects\n\techo scan > /sys/kernel/debug/kmemleak\n\tcat /sys/kernel/debug/kmemleak\n\nThe leaked memory is allocated in the stack below:\n\n    do_syscall_64\n      do_sys_open\n        do_dentry_open\n          full_proxy_open\n            seq_open            ---> alloc seq_file\n      vfs_read\n        full_proxy_read\n          seq_read\n            seq_read_iter\n              traverse          ---> alloc seq_buf\n\nAnd it should have been released in the following process:\n\n    do_syscall_64\n      syscall_exit_to_user_mode\n        exit_to_user_mode_prepare\n          task_work_run\n            ____fput\n              __fput\n                full_proxy_release  ---> free here\n\nHowever, the release function corresponding to file_operations is not\nimplemented in kfence.  As a result, a memory leak occurs.  Therefore,\nthe solution to this problem is to implement the corresponding release\nfunction."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kfence: repara la p\u00e9rdida de memoria cuando los objetos cat kfence Hulk robot inform\u00f3 un problema kmemleak: objeto sin referencia 0xffff93d1d8cc02e8 (tama\u00f1o 248): comm \"cat\", pid 23327, jiffies 4624670141 (edad 495992.217s ) volcado hexadecimal (primeros 32 bytes): 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. rastreo inverso: seq_open+0x2a/0x80 full_proxy_open+0x167/0x1e0 do_dentry_open+0x1e1/0x3a0 path_openat+0x961/0xa20 do_filp_open+0xae/0x120 do_sys_openat2+0x216/0x2f0 do_sys_open+0x57/0x80 do_syscall_64+0x33/0x40 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 objeto sin referencia 0xffff93d419854000 (tama\u00f1o 4096): comm \"cat\", pid 23327, Jiffies 4624670141 (edad 495992,217 s) volcado hexadecimal (primeros 32 bytes) : 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda1 2- rastreo inverso: seq_read_iter+0x313/0x440 seq_read+ 0x14b/0x1a0 full_proxy_read+0x56/0x80 vfs_read+0xa5/0x1b0 ksys_read+0xa0/0xf0 do_syscall_64+0x33/0x40 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 Creo que podemos reproducir f\u00e1cilmente este problema con los siguientes comandos: cat /sys/kernel/ depurar/ kfence/objects echo scan &gt; /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak La memoria filtrada se asigna en la pila siguiente: do_syscall_64 do_sys_open do_dentry_open full_proxy_open seq_open ---&gt; alloc seq_file vfs_read full_proxy_read seq_read seq_read_iter traverse - --&gt; alloc seq_buf Y deber\u00eda haberse liberado en el siguiente proceso: do_syscall_64 syscall_exit_to_user_mode exit_to_user_mode_prepare task_work_run ____fput __fput full_proxy_release ---&gt; free aqu\u00ed Sin embargo, la funci\u00f3n de liberaci\u00f3n correspondiente a file_operatives no est\u00e1 implementada en kfence. Como resultado, se produce una p\u00e9rdida de memoria. Por tanto, la soluci\u00f3n a este problema es implementar la funci\u00f3n de liberaci\u00f3n correspondiente."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/0129ab1f268b6cf88825eae819b9b84aa0a85634",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/2f06c8293d27f6337f907042c602c9c953988c48",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}
Auto-Update: 2024-03-04T19:00:32.288836+00:00 2024-03-04 19:00:36 +00:00			`{`
			`"id": "CVE-2021-47089",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-03-04T18:15:07.560",`
Auto-Update: 2024-10-31T15:00:33.966268+00:00 2024-10-31 15:03:34 +00:00			`"lastModified": "2024-10-31T14:35:02.470",`
Auto-Update: 2024-03-05T15:01:09.291630+00:00 2024-03-05 15:01:14 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2024-03-04T19:00:32.288836+00:00 2024-03-04 19:00:36 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkfence: fix memory leak when cat kfence objects\n\nHulk robot reported a kmemleak problem:\n\n unreferenced object 0xffff93d1d8cc02e8 (size 248):\n comm \"cat\", pid 23327, jiffies 4624670141 (age 495992.217s)\n hex dump (first 32 bytes):\n 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@..............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n seq_open+0x2a/0x80\n full_proxy_open+0x167/0x1e0\n do_dentry_open+0x1e1/0x3a0\n path_openat+0x961/0xa20\n do_filp_open+0xae/0x120\n do_sys_openat2+0x216/0x2f0\n do_sys_open+0x57/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n unreferenced object 0xffff93d419854000 (size 4096):\n comm \"cat\", pid 23327, jiffies 4624670141 (age 495992.217s)\n hex dump (first 32 bytes):\n 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0\n 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda12-\n backtrace:\n seq_read_iter+0x313/0x440\n seq_read+0x14b/0x1a0\n full_proxy_read+0x56/0x80\n vfs_read+0xa5/0x1b0\n ksys_read+0xa0/0xf0\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nI find that we can easily reproduce this problem with the following\ncommands:\n\n\tcat /sys/kernel/debug/kfence/objects\n\techo scan > /sys/kernel/debug/kmemleak\n\tcat /sys/kernel/debug/kmemleak\n\nThe leaked memory is allocated in the stack below:\n\n do_syscall_64\n do_sys_open\n do_dentry_open\n full_proxy_open\n seq_open ---> alloc seq_file\n vfs_read\n full_proxy_read\n seq_read\n seq_read_iter\n traverse ---> alloc seq_buf\n\nAnd it should have been released in the following process:\n\n do_syscall_64\n syscall_exit_to_user_mode\n exit_to_user_mode_prepare\n task_work_run\n ____fput\n __fput\n full_proxy_release ---> free here\n\nHowever, the release function corresponding to file_operations is not\nimplemented in kfence. As a result, a memory leak occurs. Therefore,\nthe solution to this problem is to implement the corresponding release\nfunction."
Auto-Update: 2024-04-04T08:42:25.815847+00:00 2024-04-04 08:46:00 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kfence: repara la p\u00e9rdida de memoria cuando los objetos cat kfence Hulk robot inform\u00f3 un problema kmemleak: objeto sin referencia 0xffff93d1d8cc02e8 (tama\u00f1o 248): comm \"cat\", pid 23327, jiffies 4624670141 (edad 495992.217s ) volcado hexadecimal (primeros 32 bytes): 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................. rastreo inverso: seq_open+0x2a/0x80 full_proxy_open+0x167/0x1e0 do_dentry_open+0x1e1/0x3a0 path_openat+0x961/0xa20 do_filp_open+0xae/0x120 do_sys_openat2+0x216/0x2f0 do_sys_open+0x57/0x80 do_syscall_64+0x33/0x40 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 objeto sin referencia 0xffff93d419854000 (tama\u00f1o 4096): comm \"cat\", pid 23327, Jiffies 4624670141 (edad 495992,217 s) volcado hexadecimal (primeros 32 bytes) : 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda1 2- rastreo inverso: seq_read_iter+0x313/0x440 seq_read+ 0x14b/0x1a0 full_proxy_read+0x56/0x80 vfs_read+0xa5/0x1b0 ksys_read+0xa0/0xf0 do_syscall_64+0x33/0x40 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 Creo que podemos reproducir f\u00e1cilmente este problema con los siguientes comandos: cat /sys/kernel/ depurar/ kfence/objects echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak La memoria filtrada se asigna en la pila siguiente: do_syscall_64 do_sys_open do_dentry_open full_proxy_open seq_open ---> alloc seq_file vfs_read full_proxy_read seq_read seq_read_iter traverse - --> alloc seq_buf Y deber\u00eda haberse liberado en el siguiente proceso: do_syscall_64 syscall_exit_to_user_mode exit_to_user_mode_prepare task_work_run ____fput __fput full_proxy_release ---> free aqu\u00ed Sin embargo, la funci\u00f3n de liberaci\u00f3n correspondiente a file_operatives no est\u00e1 implementada en kfence. Como resultado, se produce una p\u00e9rdida de memoria. Por tanto, la soluci\u00f3n a este problema es implementar la funci\u00f3n de liberaci\u00f3n correspondiente."
Auto-Update: 2024-03-04T19:00:32.288836+00:00 2024-03-04 19:00:36 +00:00			`}`
			`],`
Auto-Update: 2024-10-31T15:00:33.966268+00:00 2024-10-31 15:03:34 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 3.3,`
			`"baseSeverity": "LOW"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
Auto-Update: 2024-03-04T19:00:32.288836+00:00 2024-03-04 19:00:36 +00:00			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/0129ab1f268b6cf88825eae819b9b84aa0a85634",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/2f06c8293d27f6337f907042c602c9c953988c48",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`}`
			`]`
			`}`