CVE-2021-29649 — Missing Release of Memory after Effective Lifetime in Kernel
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 69.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 30
Latest updateMay 24
Description
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages9 packages
Also affects: Fedora 32, 33, 34
Patches
🔴Vulnerability Details
3📋Vendor Advisories
4Red Hat▶
kernel: memory leak in user mode driver due to lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c↗2021-03-19
Microsoft▶
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/pr↗2021-03-09
Debian▶
CVE-2021-29649: linux - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver...↗2021