PT-2024-11180 · Linux+1 · Linux Kernel+1

Published

2021-06-02

Updated

2024-11-04

CVE-2021-47130

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Linux kernel's nvmet module, where it attempts to free memory from the wrong pool, causing a crash. Specifically, when a p2p device is found but the p2p pool is empty, the nvme target tries to free the sgl from the p2p pool instead of the regular sgl pool. This results in a kernel bug being called. The fix involves assigning the p2p dev for the request only if it was allocated from the p2p pool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-770

Related Identifiers

BDU:2025-07409

CVE-2021-47130

OPENSUSE-SU-2024_1489-1

SUSE-SU-2024:1465-1

SUSE-SU-2024:1489-1

Affected Products

Linux Kernel

Suse

PT-2024-11180 · Linux+1 · Linux Kernel+1

CVE-2021-47130

Weakness Enumeration

Related Identifiers

Affected Products

References · 344